Cyber Wellness Guide – Bringing risks to life

Take a look at how cyber security risk can affect your building with two scenarios drawn directly from real world incidents.

Scenario 1: Using data for extortion

An individual at ABC company received what appeared to be a standard PDF invoice by email from a trusted third-party supplier. This file however was malicious and simply disguised as an invoice by attackers. Once the payment was executed, the attackers gained access to the user’s machine. Local administrative credentials and user credentials were then harvested and used within the network environment. Since all backups were online and accessible, the attackers deleted all active backups and disabled the system.

A subsequent ransomware and file encryption campaign began at 3:00 a.m. on a Saturday evening and affected every single workstation and server in the environment. The IT provider was brought in to troubleshoot the issue only after the staff could no longer gain access.

Unfortunately, upon review, file and system image restoration was not possible due to lack of backups. A ransom screen appeared on all the workstations and servers and indicated that the entire organization had been compromised. The company panicked since they did not have an incident response plan, and reached out to a local cyber security firm for help. The organization would have to pay a six-figure ransom in order to get key systems back online so that their services would not grind to a halt. The cost and loss in business was severe, and now the company is developing better safeguards, creating an incident response plan and conducting user training on cyber security.

Scenario 2: Breach of information through an HVAC contractor

A major retailer faced a large-scale breach. When a third-party HVAC vendor plugged in his system at one of their retail locations to deal with routine maintenance work, hackers, who had gained access to his system, were then able to gain access to the retailer’s systems. Without adequate separation of network systems and information at the retailer, they were able to extend their access into the payment systems where card information of customers was stored. The retailer was not able to detect the breach and hence could not respond to it, until millions of people’s credit cards and information were compromised.

Multiple levels of failures occurred, including the level of access allowed to individuals and vendors, lack of separation between the different systems and segregation of critical information, and an inability to adequately detect or escalate unusual patterns.

After facing lawsuits, it has been widely reported that the retailer paid settlements in excess of US$18 million. This excludes their costs for litigation, curtailing the damage and recovery, not to mention loss of reputation and trust, which is estimated to have cost the retailer in excess of a hundred million dollars.

To download the complete BOMA Canada Cyber Wellness Guide click here

Related Blogs

Posted by Kathleen MacDonald | Monday November 15th, 2021
Launching The CRE Equity, Diversity and Inclusion Survey …It’s Time
Issuing a statement supporting Equity, Diversity and Inclusion was the first step for many commercial real estate (CRE) organizations. Then came the second step, forming an internal committee; and the...
Posted by Kathleen MacDonald | Monday November 15th, 2021
More than half of Canadians concerned about air quality at work
*Sponsored Content* Air quality top of mind for workers as they return to the office. It’s commonly said that we spend 90 per cent of our lives inside. For many...
Posted by Natalie Rekai | Thursday August 5th, 2021
Announcing the Circular Economy Guide for Commercial Real Estate
BOMA Canada is proud to announce the release of our Circular Economy Guide The Circular Economy - an economic model designed to remove waste and pollution, keep products and materials...