Kevin Coleman is a senior fellow at the Technolytics Institute and former chief strategist at Netscape. (File)
Corporate, government, military and intelligence agency systems are the heart and brain of these organizations. What if the systems just were not available?
This is not about DDoS attacks; it is about locking up the systems or the data. A question was posed to the management of multiple organizations that I am sure made them stop and think: How long could their organization last without having access to their systems/data before irreparable or significant harm was caused? Stop and think about it for a moment. There have been a couple of cases where this happened. The general consensus was not long (hours, a day or two at best).
Cyber attackers have taken control of an organization’s systems, encrypted the data and demanded a ransom be paid before they released their seized records. Remember the 2009 incident involving 8 million patient records? This is not as uncommon as you might think. The threat has become so intense that even Popular Mechanics magazine has covered it.One report stated that cyber extortion attempts account for 80 percent of all cyber attacks in Mexico and 60 percent in India.
One cleared cyber attack analyst said, “Current activity takes ransomware to a new level and the extortion methods will only become harsher and more destructive.”
He’s right! Cyber security giant McAfee stated in their Q1-2013 Threat report that ransomware was one of the top issues in that report’s period of coverage. This is a growing criminal activity!No one knows their motivations for sure, but one would have to consider that cyber terrorists might use this technique as a means to fund their organization’s activities in the physical and cyber worlds. After all, reports out of the UK stated that one cyber terrorist groupused stolen credit card data to fund their operation, so this would not be that big of a leap. As one cyber vulnerability is addressed, creative hackers find new, innovative ways to practice their tradecraft. Is this in your business continuity or your cyber attack response plans?Just how long could your organization last without your data?