Everything in cyber

Non-Healing Wound: The Real Damage from Cyber ​​Attacks

When discussing the time dimension in cyber attacks, two issues are usually addressed: one - the speed of identification and response to an event, and the other - the time it takes to recover from an attack, but the real impact is long-term and destructive.

Yotam Gutman

19/06/2022

Sunday, June 19, 2022, 11:00 p.m.

• Share on Facebook

• Share on WhatsApp

• Share on Twitter

• Share on Email

• Share on general

• Comments

  Comments

When discussing the time dimension in cyber attacks, two issues are usually addressed: one - the speed of identification and response to an event, and the other - the time it takes to recover from an attack.

As for the speed of identification and response to the incident, things are clear.

Generally, it is possible (at least in retrospect) to recover the moment of intrusion into the organization and from it measure how long it took until the organization's systems identified the attack, alerted it and until the security teams dealt with the attack.

This time is usually measured in seconds, minutes and hours.

However even after a "final event" has been announced it can take a long time for the organization to fully recover, and this time can be measured in weeks, months and even years.

What kind of influence are we actually talking about?

More on Walla!

The climate crisis is already here, but there is one important way to delay it

In collaboration with the JNF

Not a simple story at all (Photo: ShutterStock)

• Image -

  A cyber attack can have a devastating image effect on an organization, which in the immediate term may drive customers away and cause direct economic damage (cancellation of subscriptions) and indirect (damage to the share price).

  Past experience shows that the organization's handling of the incident has a decisive impact on public attitudes.

  Organizations that have admitted to cyber incidents in a fast-paced, transparent and honest manner have generally not suffered from reputational damage, sometimes quite the opposite.

  In any case, such harm, even if it did occur, seems to be forgotten after a while and the reputation of organizations, in general, is not harmed by cyber attacks.

• Economic -

  A cyber attack harms the body that absorbs it.

  It causes direct expenses, such as launching external response and negotiation teams, purchasing the equipment and software needed to operate the event, activating cyber insurance (which raises the premium when renewing) and more. To provide services, to carry out transactions and in large part loses money because it is unable to function normally.These troubles are compounded by another trouble in the form of fines that the regulator can impose on the aggrieved organization if it is proven not to have done enough to prevent the attack.

• Stock value -

  There are various studies that show that the stock value of companies that suffer from cyber attacks is harmed in the short-to-medium period of time and then recovers.

  Even if in the long run the company's value (its share price) is not harmed, a drastic drop in the value of the stock causes economic damage to shareholders, institutional investors and also to employees who see the value of the shares and options in their hands plummet.

  Certainly it does not contribute to the image of the company.

• Full functioning of the information systems in the organization - this is the "forgotten" aspect of cyber attacks.

  Most enterprise systems (servers, end stations, communications equipment and enterprise systems) are put back into operation within hours or days - with or without the information stored in the backup (if there was no proper backup then valuable information is often lost in the process).

  But, different organizations, especially public organizations, have a variety of information systems of different types.

  Some of them are very difficult to repair or restore.

  Dedicated software and hardware must be ordered, expert professionals brought in and sometimes there is no escape and new systems must be purchased to replace those that have been damaged.

  These processes take a long time - sometimes even months and years, and harm the quality of service provided to customers.

  When it comes to public bodies such as municipalities, hospitals, etc., the repair time lengthens and the damage increases - and those who suffer in the end - are the citizens.

  They are the ones who receive less good service (long waiting times for queues,

Here are some examples

• Baltimore City Hall

  - May 2019. City Hall was attacked by the Robin Hood heretical group.

  The city's IT systems have been shut down, including email systems.

  The rehabilitation lasted for many months and its total cost ranged from $ 10 million to $ 18 million (when the amount of the initial ransom requested was less than $ 1 million).

• Hillel Yaffe

  - October 2021.

  The hospital was attacked by assailants with an economic motive.

  Negotiations with them agreed on a ransom of NIS 3 million, but the state refused to pay it and the organization's systems were fatally damaged.

  The recovery was long and slow and included a series of urgent tenders for the purchase of equipment that was necessary for the operation of the hospital, such as a server that supports the CT system in the hospital.

  The Ministry of Health recently completed an investigation that revealed that the total cost of operating the event and returning the hospital to full fitness cost the taxpayer more than NIS 32 million - about 10 times the original ransom amount.

• Gloucester Municipality

  - December 2021. The municipality was attacked at the end of last year, and even today, six months after the incident, the information systems dealing with the licensing of construction and assistance to those entitled to full-functioning public housing have not returned.

  The municipality has allocated an additional budget of about half a million dollars to repair further damage from the incident.

The break-in cost the taxpayer more than NIS 32 million.

Hillel Yaffe (Photo: Reuven Castro)

Yotam Gutman (Photo: Sentinel One)

I am not arguing that the ransom should be paid (insofar as these are required at all, and it is not an attacker who simply steals or terrorizes for another purpose).

I do argue that in most cases an ounce of protection is worth a pound of repair.

At low costs (relative to repair costs and damage) the attacked organizations could implement modern defense systems that would detect the attack at an early stage, thwart it or at least contain the damage in a small part of the organization so that investigation and repair operations (even if external experts are involved) could Be carried out quickly and efficiently and thus return the organization to activity in the shortest possible time.

• technology

• Cyber

Tags

• Cyber