Ukraine Cyberattack a Warning to U.S. Companies
By Floyd Arthur
On Dec. 23, 2015, hundreds of thousands of homes and businesses in
Ukraine lost electrical power for six hours following what is now being
called a well-coordinated, well-planned cyberattack. Referring to the attack
on the power grid as the first of its kind, SANS Industrial Control Systems
described the takedown as a multi-faceted effort that involved:
remotely switching off breakers to cut the power supply
exploiting malware already in the system to prevent utility company employees from detecting the outage
flooding phone lines to prevent customers from reporting that the power was out
The malware also damaged the system server, preventing the affected
power companies from quickly restoring service and making investigation
more difficult.
Although Ukrainian authorities have yet to release a full report, and
questions about the malicious code used to implement the cyberattack
remain, the cybersecurity firm iSIGHT Partners has attributed it to the
Russian hacker group Sandworm. In an interview with Ars Technica, John
Hultquist, head of iSIGHT's cyber espionage intelligence division, said, "It's
the major scenario we've all been concerned about for so long."
Carmoon Group Ltd. Business Insurance Hempstead New York Page 1
U.S. Utility Companies Warned of Cyberattack Dangers
In the wake of the attack, the U.S. power industry’s Electrical Information
Sharing and Analysis Center issued a warning to power companies that they
needed to review their cyber-defense systems and “do a better job” of
preventing cyberattacks, according to a Reuters report. The warning did not
identify any critical shortcomings in the U.S. power grid, nor did it indicate
that the group felt there was an imminent danger of a similar incident on
U.S. soil. According to EIS spokesperson Kimberly Mielcarek, "There is no
credible evidence that the incident could affect North American grid
operations and no plans to modify existing regulations or guidance based on
this incident."
Increasing Awareness of Cyberattack Threat
Perhaps the most disturbing aspect of the Ukrainian cyberattack was how
easy it was. According to Robert Lipovsky, senior malware researcher at the
Ukrainian software-security firm ESET, “The alarming aspect of this attack
was that the infection vector” [for the malware] was phishing, the practice
of using email with a malicious attachment to gain access to a computer,
“which is quite a trivial way to get in.”
In fact, cyber-security firms advise that employee carelessness, such as
opening email attachments from unknown senders or using insecure
passwords on private computers used at work, is one of the biggest threats
to a business’ cybersecurity. According to experts who weighed in at
a Guardian roundtable last October, another is the failure of company
leadership to understand the threat. “One of the real dangers is that many
leaders don’t realise their organisations have become digital,” said one
participant. They “probably started their careers when their business was
paper-based, and in their minds that’s how the business still works.”
Communication and education (at all organizational levels), the group
agreed, is the key to an effective cyber security program, whether the
company is protecting customer data or access to a power grid. The group,
which included industry leaders such as Nigel Harrison, non-executive
director of the Cyber Security Challenge UK, Andrew Rogoyski, vice-
president of cybersecurity services at CGI, and Emma Philpott, chief
executive at the IASME Consortium, also urged businesses to:
Encourage all employees to set strong passwords and change them regularly
Update hardware, firmware and software as needed
Regularly patch firewalls
Change the default password on WiFi routers and gateways
Educate leadership and employees about cybersafety
Mandate that employees who use their own devices at work install firewalls and antivirus software.
All across the globe, cybercriminals are becoming more adept at planning
and implementing cyberattacks, and no business, no matter how small, is
immune. A strong IT security program and educated employees are the best
defense against hackers, but having cyber liability insurance to protect your
firm is important as well. Find out more about this essential form of
coverage by contacting one of our business insurance experts today. Call us
at 516-292-3780 Monday through Friday 9 a.m. to 6 p.m., or request a free
consultation online now.