{"id":3934,"date":"2015-05-12T18:16:42","date_gmt":"2015-05-12T18:16:42","guid":{"rendered":"http:\/\/kasperskydaily.com\/b2b\/?p=3934"},"modified":"2020-02-26T18:54:40","modified_gmt":"2020-02-26T16:54:40","slug":"business-continuity-risks","status":"publish","type":"post","link":"https:\/\/www.kaspersky.co.za\/blog\/business-continuity-risks\/3934\/","title":{"rendered":"Business Continuity Risks"},"content":{"rendered":"

Kaspersky Lab hosted the Kaspersky Cybersecurity Summit 2015<\/a> in Singapore this April, dedicated to enterprise IT Security challenges \u2013 and solutions<\/a>.<\/p>\n

The motto for the event was: \u201cBusiness under attack: adapting to the inevitable\u201d. Enterprises are targeted, of course,<\/a> but in some cases \u2013 given the amount and sophistication of threats \u2013 companies don\u2019t have to be targeted to become victims. We now live in the world of \u201cwhen\u201d, not \u201chow\u201d, and that\u2019s what the Kaspersky Security Summit is about, among other things.<\/p>\n

Risks to business continuity #enterprisesec<\/p>Tweet<\/a><\/blockquote>\n

The most advanced and sophisticated threats tend to emerge at the enterprise level, where criminals are hunting for the \u201ctop prizes\u201d such as secret and highly sensitive information valued at millions, or access to corporate banking accounts where millions are stored. After these advanced hacking techniques are successful at the enterprise level, criminals start using them against\u00a0lower-level targets. Among the recent examples \u2013 Carbanak APT: the eventual attacks on ATMs have been preceded by the massive \u201crecon\u201d operations to gather and analyze data.<\/p>\n

Working the cyberthreats at the enterprise level we are almost certainly capable of mitigating them at any other level, too.<\/p>\n

One of the key areas of focus and responsibility for the enterprise CIOs is, of course, the continuity of the business. Certainly not the only one, but for a large business its continuity is especially critical. Processes should not halt; every interruption will have dramatic and long-playing repercussions. Especially when it comes to a larger businesses: restarting everything and restoring it to normal requires huge efforts \u2013 just imagine stopping and then relaunching an entire array of production lines or halting and then relaunching logistic processes.\u00a0A large enterprise with lean processes \u2013 ordering, production, shipments \u2013 suddenly experiences a severe interruption because of a certain cyberincident: one of its departments systems go offline, the entire company experiences heavy drawbacks, and direct and indirect losses, and so do its partners.<\/p>\n

Just because of a single piece of nefarious code.<\/p>\n

Another good \u2013 if not extreme \u2013 example here is a successful cyberattack on industrial systems, SCADA or even PLC, that effectively halts production lines. Industrial networks were considered more secure because of higher isolation from public networks. But 35% of all cyber incidents there happen because of malware attacks; and that malware arrives on USB sticks or injected through third party software and firmware. Moreover, today\u2019s industrial systems were often\u00a0built without an \u201cIT security-in-mind\u201d approach \u2013 a design flaw which was not at the time these systems were\u00a0built.<\/p>\n

\"slide3\"<\/p>\n

A simpler example would be a potent DDoS attack that cripples entire data centers, or knocks them out\u00a0of commission: even if just a single entity leasing that data center facilities are targeted, overkills are numerous. What is more troubling is that downtime may be too long for all affected parties: almost every fifth cyber incident takes longer than 24 hours to recover, which is absolutely unacceptable for anyone, especially large enterprises.<\/p>\n

One of the charts in my keynote today (see below), shows major risk factors for business continuity:<\/p>\n

\"slide2\"<\/p>\n

The first group of risk factors include such external causes as malware outbreaks that may happen on desktop, mobile or virtual environments, unless those are properly secured; DDoS attacks that are aimed to disable customer-facing services such as online registrations, ticketing, etc. Today, the truth is even grimmer: there are sophisticated DDoS attacks that may be launched against any online service, including non-public ones.<\/p>\n