Jul 10 2015

Inspecting Cyber Events Of July 8

By now, you’ve probably seen and heard a wealth of coverage pertaining to the cyber events that took place on July 8, 2015 and are known to have impacted the New York Stock Exchange and United Airlines, at the very least.

Many people are reading of the reports and hearing one of two scenarios-these were very large and debilitating glitches-albeit oddly coincidental. Or that these were orchestrated attacks that could be part of a larger-scale cyber war. We know at least that the NYSE is blaming their issues on problems with new software, but whether that is actually the case or a smokescreen is anyone’s guess.

After hearing those possibilities, the next thought you have likely focuses on “what should we do?”  Which is only natural, but is counter to what I am about to get into. As with any other crisis or emergency type situation, often what you don’t do ends up being as critical as those which you do. In this case, we will discuss what you should not do.

First and foremost? Don’t panic. Seems obvious, but it’s always worth repeating. Until a deeper forensic analysis has been done, nothing is known. It could end up that one or both outages really was a result of coincidental glitches that just by random chance happened to be on the same day in the same time frame. The digging could reveal that one was an accident and one was an attack. Or that both were attacks. We simply don’t know, so now is not a time to panic.

Second, don’t let a good issue go to waste. In other words, while it could be an accident or an attack, either way it did not happen to you but just because you were not directly impacted does not mean you can’t take advantage of the situation. Times like these are great to remind staff that DR plans need to be kept current, and things like backups should be up to date, stored properly and managed. Also, it’s an excellent reminder that you actually need to drill your staff on how to respond should a breach be discovered. If you never practice it, you will be in a bad spot if and when things actually hit the fan, and it’s your first time running off of the script? Things will not go according to plan, more often than not.

Lastly, don’t ever think you are too small of a firm to be a target. No target is too small for someone. While you might not attract the interest of a nation state, you may for one reason or another fall into someone’s crosshairs. Just because you think you are small, uninteresting and under the radar relative to a hacker’s desired targets doesn’t actually mean you are. And “flying under the radar” really isn’t a great defense.

Be prepared, be vigilant. Even be paranoid. A little paranoia isn’t always a bad thing.