The Chernobyl nuclear power plant dodged what could have been another major disaster this summer, thanks to quick thinking scientists who manually overrode the computer systems.
But the cause of this close call was entirely different than the catastrophic accident in 1986. This time, it was a computer virus, in the second massive wave of powerful cyber attacks this summer.
It was far reaching, hitting Europe, Scandinavia, India, the US and beyond.
Among the targets were also a Danish energy corporation, US pharmaceutical giant Merck, a Russian oil company, as well as shutting down Ukrainian government offices, subway turnstiles, and supermarket cashier machines.
Cyber attacks can happen to any size organization, anywhere, according to Kal Kurm, of Palo Alto Networks, one of the largest cyber security players in the world.
Attackers have compromised smaller enterprises in order to get to the larger target, he notes. For example, the Target retail store breach from a few years ago was initially a breach of the HVAC organization, that had access to Target systems.
Cyber security breaches, in general, are on the up tick, Kurm cautions.
“Our research indicates there is an increase in attacks. Organizations also tend to report breaches now, whereas historically most have tried to keep quiet where possible,” he says.
The result is that now, more than ever before, private, confidential and sensitive information can and will end up in the wrong hands.
Companies “need to have a mentality that this can and will happen to them at some point,” says Kurm.
Even mega-spending on security and highly skilled employees cannot stop the problem.
“Home Depot, Target, Sony all had large budgets and teams of people. It still happens. Organizations need a good plan to combat breaches, but also need a plan to recover.”
That’s why every business should have preparedness and a security plan.
That includes a bi-annual penetration test – a simulated hack – to ensure proper computer network security, as well as keeping on top of computer updates.
“Employee education is important too. That said, breaches still happen,” Kurm says.
Unfortunately, even though $84 billion is spent on cyber security around the world, according to management consulting firm Accenture, many companies are still leaving the door wide open for attack.
Last year IBM and Ponemon Institute surveyed 2,400 IT and security professionals, who revealed they did not have a cyber security plan for their organization. Two-thirds conceded that their company would crumble if hacked.
Additionally, research from IBM and Ponemon Institute showed that a typical breach will cost a company more than $7.3 million this year, up from $5.8 million in 2014. Globally, nearly a half-billion dollars was lost in cyber attacks in 2016, according to business insurer Hiscox.
Most famously, Yahoo’s security breach was serious enough that it sold the company to Verizon at a $350 million discount.
The two typical “big bucket solutions” of alert monitoring – scanning who’s in the network – and perimeter protection, such as firewalls, are “good to detect any breach, but prevention focused systems are always better,” says Kurm
The prime security vulnerability, he warns, are people.
“Individuals can do things maliciously for many reasons, however, the biggest threat is the accidental use case. Sending information home to a Gmail account to work on later, copying to USB drive, opening an email that looks legit,” he says.
“Most attackers now do not use brute force attacks through systems. They wait for someone to open a door for them either on purpose but most by accident.”
What’s more, a single security breach could mean the end of a small business.
Besides data being corrupted or stolen, some of the other consequences of being attacked are loss of an “organization’s reputation, and executive levels can be prosecuted,” and ultimately, an organization’s shut down.