Weathering the cyber storm
- By Byron Love
- Nov 07, 2019
“Prepared, Not Scared” was the theme for the September National Preparedness Month that encouraged organizations to take disaster and emergency planning seriously. The Department of Homeland Security advises individuals, businesses and communities alike to prepare by assessing the threat, creating a response plan and practicing that plan to build resilience and remain safe whatever natural disasters or extreme weather events Mother Nature throws their way.
Cyber storms, however, happen far more frequently than natural disasters.
Unlike with weather events, there are no mature response protocols for cyber storms, such as digital espionage or ransomware, virus and denial of service attacks. These storms can and eventually will victimize all types of organizations. Consider just a few of the many attacks that took place in 2019:
- A ransomware attack disrupted Baltimore city services for weeks and cost the city at least $18.2 million.
- A virus attack on the Philadelphia online court system disrupted the city's ability to administer justice.
- Twenty-two local governments were victims of a coordinated ransomware attack in Texas.
- A Fortune 500 hotel chain fell victim to a Deep Panda digital espionage attack that exposed its customers' personal information to the Chinese government.
- A leading cyber protection services provider reported that it suffered a breach of sensitive customer data that included email addresses, passwords and security certificates.
While the 2019 hurricane season winds down at the end of November, cyber storms will continue. Experts estimate that cyber storms will continue batter vulnerable critical infrastructure and cause economic and security disasters at an unimaginable scale. The proliferation of cyberattacks is expected to run up $5.2 trillion in damages over the next five years, far outweighing the $306 billion lost in the U.S. yearly to natural disasters. As threat actors become more seasoned, the nation's critical infrastructure is at risk, endangering transportation systems, power grids, food and water supply systems, dams and health care systems and putting millions of lives at risk.
One way to combat these attacks is through incident response that addresses preparation through eradication and recovery. Advanced artificial intelligence and machine learning can deliver automated incident response solutions for routine incidents, freeing up scarce security analysts to conduct complex threat analysis. Additionally, automated threat intelligence platforms enable security analysts who support the DHS, and over 100 federal agencies, to quickly identify and eradicate threats on government networks.
In additional to deploying advanced technology to fight cyberattacks, organizations must train teams of security analysts to apply cyber solutions and analysis methodologies to assess cyber threats, develop data driven playbooks for responding to those threats and implement playbooks in times of cyber crisis. Only then will organizations be “Prepared, Not Scared” of cyber disasters and confidently weather the cyber storms ahead.
Byron Love is a senior program manager, cyber protection services, at Raytheon Intelligence, Information and Services.