Cyberattacks don’t just affect an enterprise’s data — in fact, they can affect a business’s ability to operate. In some industries, this could mean loss of life!
There is one topic at the forefront of every industry event and every conversation I have with executives across the globe: cybersecurity. Computers, smartphones, tablets, and Internet of Things devices are connecting millions of businesses to billions of citizens, all while producing an incredible amount of data daily; it’s no wonder cybersecurity is a top priority in industries around the world.
I recently traveled to Israel to attend Rimini Street’s StreetSmart annual client event. This incredible proceeding brought together Rimini Street clients from various industries in both the public and private sectors, all of whom share a common passion for digital innovation. Unsurprisingly, conversations turned to cybersecurity and the omnipresent threat of cyberattacks. Here are some of the key take-aways from those conversations:
Cyberthreats can cause long-term damage to businesses
Cyberattacks are becoming more common and increasingly disruptive with every passing year, affecting businesses and governments in very material ways. Such attacks have immediate ramifications on organizations (financially or otherwise), but there can be a public relations fallout that endures for weeks or even years. For a CISO, CIO or even a CEO, front page news coverage of an attack represents just the start of a very bad time. The unease it creates in consumer relations can result in cancellations which affect the bottom line. For example, a bank may be hard-pressed to keep customers after the media reports a major breach.
And the risk of cyberthreats is not going away. If anything, it is increasing, especially attacks on ERP systems. McKinsey analysts report that although many executives may not fully appreciate the vulnerability of their ERP systems, supply chain attacks rose 42% in Q1 2021, and industrial control and operational technology attacks more than tripled in 2020.
Cyberattacks can target public welfare
When we imagine the types of cyberattacks, we often think of stolen personal information or industry or government secrets, or just blatant credit card fraud. Cyberattacks are personified as a shadowy figure in a hoodie who targets computer information systems, computer networks, digital infrastructure, or personal devices to make a few bucks — an image burned in our collective mind thanks to pop culture movies like Hackers and The Matrix. The truth is that hackers do not wage cyberwarfare solely against enterprise IT, as many would assume. They also direct their attacks against the enterprise’s customers and supply chain.
Such was the case for a hospital in the Ministry of Health network, a Rimini Street client that operates hospitals in Israel and France. This hospital was a victim of a cyberattack (possibly a DeepBlueMagic ransomware strain) that affected not only their digital communications and operations but also vulnerable citizens who depended on the organization for care.
When the hospital’s network was attacked, its digital systems went down, which affected thousands of medical professionals and even more private citizens. New patients could not be registered. Doctors could not access previous medical records, which inhibited them from making proper diagnoses and planning operations for their patients. Can you imagine being a patient entering the operating block when the systems went down? The toll exacted by the cyberattack was more than financial — it was humanitarian.
The Ministry’s hospital was able to survive the attack by blocking all the affected systems and moving to manual-only work while it recovered system by system until everything was back and working. The consequences could have been truly massive given how much health care is automated. The cyberattack was much more than an “IT problem” and extended far beyond a simple virtual, intangible, silent attack designed to damage the enterprise.
Could something like this apply to your business and your customers?
As citizens who consume and rely on IT systems daily, whether through banking or other service platforms, shopping, travelling, monitoring our kids’ daily moves, etc., we are more demanding each year, expecting information and systems to be always available and fast. We don’t expect or even tolerate our trusted service provider going down for even a few minutes. The fact that they may have been the victim of a cyberattack is not a good excuse and, frankly, it brings a lot of concern and risk to the partnership.
I recently met with one of the many city councils we support and asked them about their security posture. They are a fast-growing city, so much more prone to all types of cyberattacks. Can you imagine the fallout from a hacker taking down a city’s systems? Suddenly, citizens couldn’t register their kids for school or record the birth of a newborn. They couldn’t submit a home visitation request for care of an elderly parent or start service to collect their garbage bins. The list of issues is much longer than the few I mentioned. You would certainly make the front page of the paper, and your happy days at the city council could sadly be numbered!
Understand how a cyberattack could impact your business
“Future of ERP: Ways to Bolster Security as You Move ERP to the Cloud” notes that “It’s certain that over the next five years criminals will continue to up their game and further infiltrate critical enterprise data stores, so ERP security strategy should be a priority.” Burying your head in the sand is not an option if you’re a CISO, CIO or CEO — you must be prepared for online attacks.
Putting robust systems in place and being innovative and digital are essential. Building good layers of security and developing a modern approach to security, with zero-day protection, are also critical. However, to avoid the business continuity risk of getting blindsided when (not if) your enterprise is hacked, include how to recover from a cyberattack in your business continuity and disaster recovery planning. This means assessing the business continuity risks and then updating (or creating!) your continuity and recovery plans. Be sure to include impacts on, and strategies for ensuring, the following:
- Your ability to conduct business
- Your ability to remain compliant with government and other requirements
- Your financial commitments are met: incoming and outgoing
- Potential humanitarian issues (e.g. putting customers, constituents, users at personal risk)
- Other factors that are unique to your industry, geography, geopolitical environment, etc.