
If a cyber attack occurred tomorrow, could your organization continue to function? Odds are the answer is no.
In a survey by Spy-Ops, less than 1% of organizations have planned for a cyber attack. What is even more shocking is that less than 1% have business continuity plans that address the threat of a terrorist attack. Both of these events are now foreseeable threats and as such require all organizations to create strategies to minimize these risks. Failure to prepare for these events could bring charges of negligence from all of those who are negatively impacted.
For companies in America, the issue of liability for cyber-attacks is a significant risk, said Edward Maggio of Spy-Ops.
Many business organizations are waiting for specific regulations to require action before they implement procedures and safeguards against a cyber-attack. The reality is that the public availability of so many publications like this one, along with news articles, academic journals and conference material, now puts an organization on notice that a cyber-attack is foreseeable.
"Since cyber-attacks are now foreseeable acts that can cripple a business organization, the failure to mitigate an attack can rise to the level of negligence in U.S. civil courts," Maggio stated. He then went on to say: "The 'we didn’t know' defense is no longer working in the realm of liability for cyber-attacks."
Resilience engineering is a relatively recent term given to a collection of activities designed to create the ability for organizations to continue to operate under extremely adverse conditions such as a cyber attack. These activities are rapidly evolving into what is sure to become industry Best Practices and some security experts believe it will soon become a regulatory requirement.
Technolytics estimates that a one-day interruption of eBusiness could easily exceed $35 billion. If a cyber attack were to occur now or in the near future, it would surely send the already shaky economy into a tailspin. This is considered Economic Warfare, which is just one of the fifteen modalities of UnRestricted Warfare (URW).
Business, Government and Industry need to build resiliency into their systems and operations if we are to be secure.

1) The issue of liability is something I’d never thought about, very interesting.
2) I suspect that the preparedness numbers are so low because non-international SMEs were included; from a macroecon perspective it’s ok if the Indiana Motorparts Co. is out of business for a while.…
3) Numbers such as Technolytics remind me of the heydays of the first internet boom…if we only get 1% of the potential global market for wireless bras, we’ll provide a 500% ROI. A one day interruption of eBusiness, exactly who and how is anyone going to achieve this?
4) I suspect the biggest concrete threat would be for Mastercard-Visa-AMEX to all lose their payment transaction capacity, it only takes so many days before people start taking food, if their cards don’t work. The question is whether there is any attack that could accomplish this, I venture to say, no.
I say think ahead & plan now.
The need is NOW or soon.
Why wait.
Get organized now & do Sim Runs.
Then U can see your IT IS weakness alone.
ALL companies.
esp Fortune 500 size.
or MNCs.
NO excuse.
Can impact Bottom line & Security alone.
Wellpoint aka Blue cross does have a business continuity site.
I am in it right now. Former NSA monitoring site. Kind of cool actually.
You guys are looking on a very micro level with idea that a single person will take down a single piece of the global network. To me, cyber attacks can be used as a method of conducting war.
Right now China (DA will love reading this) has probed and attacked numerous websites. This includes shutting down the official White House website.
So what if they have the capacity (and it seems quite plausible) to cripple our entire network infrastructure? You are talking about reverting back to the old paper transaction way of doing things which we are really no longer equipped for.
With our military at bare bones as it is, how easy would it be to ramp up production on everything and create government contracts for outsourcing production with the ability to communicate over a network?
So imagine one day of zero dollar transactions in the US. A state sponsor of such an event such as China could cause crippling effects to our economy. Further eroding our ability to conduct war operations.
Spare fibers mean nothing if the equipment sitting in the racks are locked up and can’t function properly.
DC2
Adam and other interested. We saw for the very first time the threat of a cyber attack listed in financial filings required by the SEC as a qualifying statement in the area of risks that would negatively impact the company's ability to meet the projected numbers. One of the Big 4 auditors signed was involved in the filing. The company is not an eBusiness but used the web for customer care and order tracking information as well as working with their B2B channel partners. This indicated that a cyber attack is a foreseeable risk and since one publicly traded company identified the risk and the Big 4 auditor agreed, the rest will soon have to follow.
Now for your comment about ISPs' capabilities. AT THIS TIME A DDoS at the 21GB per second scale against the backbone would impact performance. A DDoS attack would take hours if not days to block all the IP addresses. THERE IS NO SILVER BULLET to block or recover from a DDoS. BTW, a STORM based botnet with the 50 to 80 million computers currently infected could generate in excess of 46GB to 65 GB per second attack rate.
ADAM if you really want to get into the details drop me an email and we can get on the phone. kgcoleman@technolytics.com
Charly
It already happened in Estonia. The banks were hit so hard by the 21GB per second DDoS attack that credit and debit card processing was disrupted during the three week attack!
This is all crap. It’s really just scare tactics from the insurance companies and security contractors. Those of us that actually run systems for large companies (Apparently I am allowed to tell people that I work for a ‘Major International Financial Institution’) know that this is all pretty much crap. Attacking single systems with large bot or storm attacks can be bad, especially if that business relies heavily on the internet (Most businesses don’t, most run via LANs) AND didn’t plan for that kind of attack.
Ever wonder why Microsoft, Amazon, eBay, Slashdot, Google, etc. never go offline? Do you think it’s because they are not a target? Or do you think it’s more likely they have systems in place to deal with the attacks?
And as I have said before, give me a break on the global disaster because of internet based attacks. It’s a fantasy designed to make money for people that should know better.
Hi Kevin, DC2 etc.,
Yes, cyber attacks do occur, but on a micro level. Why China gets brought up as a potential attacker of US infrastructure I haven’t got the faintest idea — except to scare people. If the U.S. cannot do business for a day/week, China would lose out too. China’s growth then gets compromised, which leads to increased internal destabilization — not something the Chinese leadership wants. So, yes, the Chinese are good, but why on earth would they do it?
As to Estonia, I have been told the attacks were far more serious than was publicly reported, but again, there’s a vast difference between having degraded performance and nothing, and I’ve yet to read/hear anything that would convince me that anyone has the capability to achieve ‘nothing’. But, I’m more than interested in hearing/seeing otherwise.
Kevin– you should start paying Ward and Christian for the ad space, if you’re not already. Hope “Resiliency Engineering”™ buys you a new plasma widescreen.
Let’s get this out right now. I get no financial reward from doing this. In fact about 1/3 of my time is giving closed briefings (FREE) to governmental agencies and private organizations on internet threats. I was proud of what we accomplished at Netscape and I find it necessary to help defend what I/we had a hand in creating. So there is my motivation. I do not want the U.S. to go through what Estonia did. I do not want to see the hundreds of organizations whose eBusiness strategies I created be hit and harmed by such attacks.
Are we in politics here?
Why is it that when someone has a credible message, and attacks against that message are refuted, we attack the character of the messenger?
I guess we haven’t learned our lesson yet.
DC2
Great Point DC2
People are in denial just how vulnerable we all are. Most people do not realize that last year, a new software vulnerability was reported every 69 seconds and that was a big improvement over the year before. In one closed door meeting with a Fortune 500 company the mood and tone changed from “it can’t be that bad” to “It is so bad, much worse than I ever imagined.” We are in a critical situation now. Public and private cooperation is needed to respond to this global threat and the interaction on here is typical to that which is going on at a very high level in corporate boardrooms and executive offices around the beltway.
To go a step further, I believe it is acceptable for risk to be identified. The business world has done an exceptional job of risk management. I am assuming that the DD (not for politicians who have already proven otherwise) is managing this risk. To avoid confusion I defined RM as
–identifying a possible outcome
–determine the cost fix mitigate
Capability/intent is part of the risk evaluation.
Then why is it that the only place I’ve seen this write up is in or on mil.com? Get it out there. Put it in the media, newspapers. Put it out over the internet. Not only mil.com but Microsoft, Google, any and all public information areas. People need to be led to water before they can drink. are haven’t you noticed
good points.