Individual Impacts of the Cyber Threat

Throughout Cybersecurity Awareness Month, we have explored key topics related to the dynamic, global cyber threats our nation faces today and how to manage the growing intersection between cyber and physical threat management. We have discussed how the cyber threat environment has evolved and become more sophisticated and increasingly impactful over time, exposing vulnerabilities in systems, platforms, and infrastructure. To conclude this month, we will be discussing how the cyber threat landscape has expanded and how it can impact individuals, families, and communities as well as private and public sector organizations.

As the scope of the cyber threat broadens, individuals are increasingly facing impacts from cyber incidents.

AN EMERGING THREAT

Cybersecurity has gained attention as a threat to infrastructure and systems in recent years, with several high-profile cyber attacks against major businesses, local governments, and federal agencies. The United States alone suffered an estimated 65,000 ransomware attacks in 2020. This onslaught of attacks has led private and public sector organizations to increase their system hardening measures and enhance cyber preparedness. However, as bad actors in the cyber field become more sophisticated, the scope of their attacks has expanded to include attacks with more direct impacts to everyday citizens and individuals, in addition to those against companies or governments.

Recent cyber incidents have shown the capacity of the cyber threat to create devastating consequences for individuals, both by targeting individuals directly, and by targeting systems critical to life safety and security. Following a recent ransomware attack on a hospital, a lawsuit alleges that the hospital’s failure to contain and report the incident adequately led to the death of a patient. In addition to attacks on hospitals, hackers have exploited medical technology vulnerabilities by using malware and ransomware to threaten data and systems connected directly to users’ medical devices (e.g., insulin pumps).

Impacts on individuals have also been seen in telecommunications, with cyber attacks limiting phone service in communities and in schools. The Wake County Public School System experienced a partial phone system outage following a cyber attack. The City of Walla Walla, Washington also experienced a disruption in phone service following a distributed denial-of-service (DDoS) attack. The potential downstream impacts of telecommunications outages, such as limitations on contacting emergency or other essential services, are severe. 

Attacks on school networks have become increasingly common as well, with attackers targeting students’ data for identity theft. This challenge is often exacerbated by limited reporting requirements for schools, meaning that parents may not be aware if their student’s information was exploited. The potential for outages related to cyber attacks also poses a risk to educational systems, as classes and other educational resources are increasingly provided online as a result of the COVID-19 pandemic.

EMERGING SOLUTIONS AND PROMISING PRACTICES

As we experience an increase in the frequency and severity of cyber attacks targeting or impacting individuals, private and public sector organizations will need to reconsider the meaning of cybersecurity and cyber preparedness to include not only the protection of their services, but also the protection of individuals who rely on them. Hagerty can support the implementation of promising practices and emerging solutions that are protecting users from the evolving cyber threats. 

  • Cyber Assessments: Enhancing your application of promising practices and emerging solutions should begin with a cyber assessment that includes an inventory of what resides on your network and identifies the level of protection and preparedness currently established by the organization or individual. It is important to understand the different levels of security that home and work devices may have and the cyber hygiene best practices that can enhance your protection. While the value of impenetrable passwords is clear, two-factor identification continues to see amplified importance after incidents such as the Colonial Pipeline attack. Hagerty applies a comprehensive approach towards cyber assessments, ensuring data collection efforts that involve stakeholders and a thorough review of relevant documentation.
  • Cyber Policies: Individuals and organizations should ensure that they have developed cyber policies that assert responsibilities and principles associated with cybersecurity. With the growing threat from ransomware, it is critical to maintain and regularly test offline backups of data, as this measure can help ensure continued access to data and eliminate the need to pay ransom in the first place. Strong cyber policies help to reinforce cultural values for cyber threat awareness and prevention as well as supporting the implementation of cyber preparedness and response plans.
  • Cyber Plans: Hagerty supports the development of cyber plans with distinct focus areas, whether that be preparedness or response. Individuals and organizations should ensure a collaborative approach to planning that brings staff representing emergency management, business continuity, information technology/operational technology (IT/OT), and executive leadership together to determine which other partners must be engaged to maintain a coordinated approach to implementing action throughout the jurisdiction. With the increasing number of individuals who are also made victims by cyber attacks, the practice of planning is not restricted to organizations, and when a similar framework is followed, individuals can significantly increase their protection.
  • Cyber Training and Exercises: With cyber threats targeting individuals through increasingly frequent and sophisticated spear phishing attempts and individual vulnerabilities being exploited to target and disrupt organizations, the value of cybersecurity training and exercises is greater than ever. Hagerty has supported clients in building upon previous preparedness efforts to enhance organizational capabilities for cyber preparedness and response. Both bottom-up and top-down approaches offer value to building readiness against cyber threats. For instance, top-down efforts that focus on organizational leadership offer a unique opportunity for leadership to demonstrate that cyber is a strategic priority.

BUILDING A CULTURE OF CYBER THREAT READINESS

In addition to these promising practices and emerging solutions, contributing to a culture of cyber threat readiness is a key way to engage stakeholders and make progress toward reducing the impacts of cyber threats on individuals. Communicating the value and impact of cyber hygiene and other preparedness measures plays a critical role in establishing education and investments related to cybersecurity as a priority. 

Hagerty’s solution to cyber program management utilizes the Cyber Nexus Approach, which integrates existing practices and cultural values with the latest practices that build readiness against cyber threats. Whether your organization’s executive leadership is seeking support with building this culture, or you are seeking assistance with leveraging improvements in the maturity of your culture’s regard for cybersecurity, Hagerty is ready to help you strengthen your posture and reduce the impacts of cyber threats on your organization and those who rely on it.


Erin Bajema is Hagerty’s cyber sector co-lead and an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Austin Barlow is Hagerty’s cyber sector co-lead as well as a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.

Managing Security Threats in the Cyber and Physical Realms

Emergency management and security practitioners have long worked to combat physical security threats, including those posed by active threat events. As our world becomes increasingly digital, these practitioners are facing an emerging threat type outside the physical realm: cybersecurity. As October is Cybersecurity Awareness Month, Hagerty wants to encourage the personnel and partners dedicated to emergency management to consider how cyber risk is evolving and how they can use their existing skill sets to help combat that risk. Cyber risk is now a global security challenge.

Security threats are expanding their reach beyond purely physical attacks and into cyber assets.

As we examine the newly broadening aperture for threat management, consider the following incidents:

  • On Christmas Day of 2020, a recreational vehicle was intentionally detonated in Downtown Nashville, causing injuries and long-term damage to property, forcing over 60 businesses in the area to close. 
  • In January 2021, a hacker gained remote access to a computer associated with a water treatment plant in the Bay Area and deleted programs that were used to treat drinking water. While the incident was resolved in time to avoid serious impacts, the event could have resulted in illness, mass panic, and supply chain concerns.

Although each of these incidents has a different cause, both events had the potential to trigger cascading delays, damage to property, loss of life, and significant economic impacts. Knowing this, emergency managers and their partners can apply their experience developing physical security preparedness and response principles to the cyber threat.

UNDERSTANDING THE THREAT LANDSCAPE

While we often hear about physical security threats, such as active shooters and acts of terrorism, the emergence of cyberattacks represents not only an evolution of these known threats, but an expansion of the existing risk. In other words, criminals who wish to carry out acts of violence or commit crimes no longer need to leave their homes to do so. Moreover, those with nefarious intentions can now carry out attacks without access to the resources or organizational support that physical security threats may require.

The threat we now face is complex. The perpetrators of cyberattacks range from skilled hobbyists and small organized criminal groups to nation-state actors. Perpetrators have also demonstrated an ability and willingness to operate locally or at scale, from using electric vehicle charging points as a backdoor to home networks, to holding 45% of the United States East Coast’s diesel, petrol, and jet fuel as part of the Colonial Pipeline ransomware incident that occurred earlier this year. Cyberattack victims also span sectors and are not always the most obvious targets. In some cases, nation-states have exploited expansive supply chain networks, including small businesses, in order to steal sensitive defense industrial information and undermine national security.

Cyber breaches can impact your organization’s finances, operations, or reputation, and the accumulated cost is not always easy to quantify. Following a cyberattack, organizations may have to consider whether they can afford to pay a ransom, whether they are able to restart operations, or whether they can ever rebuild the trust of customers. In addition, unlike the accoutrements associated with robust physical security, comprehensive cybersecurity can be challenging to demonstrate to your customers and the public.

Thinking about the impacts of cybersecurity on your organization can feel overwhelming. However, it is often the absence of basic cybersecurity preparedness protocols that can put your operations at risk. The Colonial Pipeline attack impacted the movement of over 10 million barrels of product, resulting in cascading fuel shortages across the Eastern Seaboard. Hackers held the firm to ransom thanks to the theft of a single password, enabled by the failure to use multi-factor authentication on a virtual private network. Robust cybersecurity measures and a quick, considered response can be the difference between success and failure.

HOW HAGERTY CAN HELP

Hagerty is here to help. Our team of experts is on hand to support your organization as it prepares for and responds to the emerging cyber risks your organization faces. Our offerings will allow you to understand the threats and translate them into concrete remedial actions, such as cyber disruption plans, communications protocols, business continuity strategies, risk assessments, and more.

  • Programmatic Assessments: If your organization is unsure where to start in combating physical and cyber security threats, Hagerty can assess your current policies and procedures and offer tangible recommendations for improvement. 
  • Funding: Hagerty has a wealth of experience in identifying and securing funding in support of planning, training, and exercise activities. We are here to help you fund your preparedness and response activities.
  • Planning: Hagerty’s experience developing emergency preparedness operations plans in a range of sectors can ensure your policies account for the known unknowns, ultimately building your organizational resilience. Hagerty has worked with governmental and non-governmental organizations across the nation to develop planning products that establish functional procedures for threat preparedness and response based on best practices.
  • Exercises: Hagerty’s robust exercise design practice includes experience in developing exercises that test capabilities in both physical and cyber threat response. These activities have resulted in actionable after-action reporting and enhanced organizational readiness.

Using these capabilities, Hagerty stands ready to enhance your organization’s cyber and physical security preparedness as you work to protect your organizations against risk. Visit https://www.cyberthreatready.com/ to learn more.

Making cyber preparedness a priority, and building capabilities together, we can all be #CyberThreatReady.


Erin Bajema is Hagerty’s cyber sector co-lead and an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Austin Barlow is Hagerty’s cyber sector co-lead as well as a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities.

Jonathan Davis is a Managing Associate at Hagerty Consulting, where he works on energy, security, and cyber issues. Mr. Davis recently joined Hagerty from the British Government.

Kelly Girandola is a Managing Associate in the Preparedness Division where she has contributed to a diverse portfolio of projects within Hagerty’s Security and Threat Management Sector, including multiple Complex Coordinated Terrorist Attack programs. Prior to joining Hagerty, Kelly worked for the Department of Homeland Security (DHS) as a Special Assistant to the Secretary in Washington, DC.

The Hagerty Advantage – Our People: Austin Barlow, Erin Bajema, and Agnieszka Krotzer

October is Cybersecurity Awareness Month and an important time to better understand the cyber risks you, your family, businesses, and communities may face. Here, the Hagerty Cyber Team explains what they think are the most pressing cyber risks businesses and communities face today, answers questions about what led them to Hagerty, and discusses what they find rewarding about being in the field of cybersecurity.


How did your career path lead you to Hagerty Consulting?

Austin: I’m driven by two main things: opportunities to build a culture of preparedness and the integration between emergency management and emerging technologies. My passion for helping communities prepare for, respond to, and recover from disasters really cemented itself through my year of service as a Federal Emergency Management Agency (FEMA) Corps Team Leader. After my experience with FEMA Corps supporting New Jersey’s response to and recovery from Hurricane Sandy, I supported New York City Emergency Management’s (NYCEM’s) Ready New York program and became interested in education, training, and exercises. My Master of Public Administration (MPA) program at George Washington University (GWU) brought me back in touch with a former mentor from my time with the American Red Cross and he introduced me to the world of consulting, where I met some of the wonderful role models and colleagues that would eventually familiarize me with Hagerty! Now I get to support Hagerty’s Preparedness Division by applying my experiences and expertise with planning, training, and exercises.

Erin: I started my career with Hagerty after graduating with a Bachelor’s in Global Studies, with a focus in security and cooperation. I had some experience in the nonprofit sector, but I was brand new to emergency management. Since then, I’ve had the opportunity to work on projects spanning our preparedness services, including plan development, exercise design, and instructional design. Some of my first projects were in cyber disruption planning, which led me to develop a deep interest in the interconnection between cybersecurity and overall community preparedness. 

Agnieszka: I joined Hagerty after receiving my Bachelor’s degree in International Politics with a concentration in national security and a minor in Arabic. I have experience working and interning with academic institutions, nonprofit organizations, and think tanks, mostly focused on research. Although I loved researching emerging threats, I wanted to concretely see how I could apply the concepts I was learning in a way that would help people, which is where Hagerty came in. I joined Hagerty as a Preparedness Associate in February 2021, supporting the active threat and cyber sectors. Since then, I have worked on plans, training, and exercises preparing for a range of threats, from a domestic terrorist attack to a nationwide attack on the electricity grid.

What do you find most rewarding about working in the field of emergency management, especially as a cyber professional?

Austin: Our world is shifting and evolving constantly, and it takes a lot of work from the whole community to remain resilient against the emergent threats that are growing with us. With the expanding role of cyberspace in our lives, the pace of technological change can feel staggering. I am grateful to be able to merge my interests and abilities in a way that allows me to support others with building capabilities and staying resilient against cyber incidents.

Erin: I find the ability to empower communities to make incremental changes that lead to long-term resilience as part of my job to be incredibly gratifying. This has been the case across the projects I’ve supported, from pre-disaster recovery planning, to active threat drills, to cybersecurity planning. When the world feels overwhelming, I take comfort in the ability to support those incremental changes that make communities more prepared to withstand disasters. This is no different with cybersecurity; as more and more of our lives move online and into the cloud, cyber incidents have the ability to affect so much more than just data and systems. I’m grateful that my job allows me to support progress toward creating more cyber secure communities.

Agnieszka: One of my favorite aspects of working in emergency management is engaging directly with stakeholders to create plans, trainings, and exercises that address critical threats in a way that best serves their communities. I have really enjoyed educating communities on complex concepts like cyber preparedness in a way that is relevant to their specific roles and their specific community. Beyond just delivering products, my teams at Hagerty have always strived to empower stakeholders with the knowledge and tools to create more resilient communities themselves, and I am grateful to be a part of that effort.

What do you think are the most pressing cyber risks businesses and communities face today?

Austin: Cyber attacks are growing in sophistication and variety, and we need to be prepared for that landscape to continue to evolve, as new threat vectors form and previous points of security become vulnerable or weaponized. Broadly speaking, the most pressing cyber risk that businesses and communities face today is: disruption. It is critical for businesses and communities to incorporate cyber incident considerations into efforts to plan, organize, train, exercise, and improve. Similar to emergency management, cybersecurity cannot succeed in a vacuum, and efforts involving the whole community are needed to maintain continuity in the face of future causes of disruption.

Erin: In our increasingly digital world, both businesses and communities are facing unprecedented cyber risks, both in the quantity of threats and the attack vectors available to malicious actors. However, I think one important risk to note is the risk that cyber-kinetic threats, or those threats with cascading impacts on both cyber and physical infrastructure, pose. These events have shown time and time again the need for pre-event coordination and communication, and I think those capabilities are something almost any business or community can work to enhance.

Agnieszka: I believe that one of the most pressing cyber risks to communities is the lack of understanding of cyber threats. Although cybersecurity is highly technical, community-level cyber preparedness should not be difficult to understand. We need to teach our communities how to protect themselves from data breaches or getting hacked in the same way that we teach our communities to stop, drop, and roll during a fire.

How can individuals do their part to be more cyber-aware?

Austin: The language of cyber, so to speak, is growing increasingly relevant. With that in mind, this is a question where I want to encourage learning how to fish, rather than simply offering a fish. I’d encourage embracing conversations and news topics that drift into unfamiliar or technical areas, and asking questions or researching answers along the way. Next time you see or hear “cyber” mentioned, tune in!

Erin: As fundamental as it sounds, basic cyber hygiene at home and at work is critical. As the cyber threat landscape becomes more complex and cyber threats become more sophisticated, the basic good habits of personal cybersecurity become all the more important. Being aware of your passwords, your authentication systems, and which of your home devices are connected to the internet is a great place to start!

Agnieszka: I think it is so important to understand how to protect your privacy online. If you have never done a full audit of what information about you is available to the public and what information you have given to companies (e.g., social media or fitness apps), I would highly recommend it. Google yourself (then try different search engines as the results will be different!) and think about what information you don’t want to be easily accessible or breached. Some simple things like deleting old social media posts, using an email address with no personal information in it, and disabling certain app permissions can make a big difference in the long run.

What are you passionate about outside of work?

Austin: I love to cook. I often find myself using food and kitchen related analogies at work. The kitchen is where I find space to be creative with ingredients and processes, and it’s fun being able to taste the outcomes. My other great passion is martial arts – I have been practicing Aikido since my high school years. I find sword-work particularly therapeutic.

Erin: After so much time spent inside in the past few years, I’ve rediscovered my love of nature. I spend as much time as I can hiking and camping in my free time!

Agnieszka: I love to bake! I worked as a baker in a cake pop shop in high school and the habit stuck. I recently baked my first apple pie of the season and am looking forward to more fall treats.


Austin Barlow is a planning, training, and exercise project manager with a background that includes disaster fieldwork, employment in support of all levels of government, and formal training and education in the development and implementation of emergency management policy. Mr. Barlow has led and supported national-scale projects, programs, and technologies, with a focus on strengthening whole community partnerships, addressing vulnerabilities, and building critical capabilities. 

Erin Bajema is an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional systems designer. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Agnieszka Krotzer is a preparedness associate at Hagerty. Formerly, she served as a Targeting/Open-Source Intelligence Analyst Intern with D4C Global LLC, responsible for researching intelligence practices in the Middle East related to nuclear proliferation to brief clients engaged in vulnerable industries. Her work in international relations has shaped her approach to preparedness, and she serves Hagerty on a series of projects related to after action reporting (AAR) and COVID-19 response and recovery.

THE HAGERTY ADVANTAGE – OUR PEOPLE: Rob Denaburg

October is National Cybersecurity Awareness Month (NCSAM), and, throughout the month, we are highlighting Hagerty employees working to support our cybersecurity needs. During this fifth and last week of NCSAM, we highlight Rob Denaburg, a Senior Managing Associate on Hagerty’s Preparedness Team and a member of Hagerty’s Cyber Team.

Briefly tell us about yourself – how did your career path lead you to Hagerty Consulting?

I came to DC after graduate school without a job lined up because I knew I wanted to be in the nation’s capital. From there, my career took me down a few different paths – counterterrorism, management consulting, cybersecurity, and, most recently, a focus on critical infrastructure security and disaster response. For nearly the past four years, I examined threats to critical infrastructure resilience and the challenges associated with responding to complex catastrophes to help clients develop and implement solutions to them.

While I learned an incredible amount, worked closely with an outstanding mentor, and developed a genuine passion for resilience-related work, I’d been doing so from a very high-level, policy-focused perspective. I recently decided that I wanted to work with organizations on the ground and directly assist clients in implementing the policies and procedures I had been previously recommending to further improve their disaster preparedness. I came to Hagerty at the end of September to do just that.

What is something every individual or business should know about cybersecurity?

Cybersecurity is a constant and all-inclusive effort. There is no such thing as securing a system or network and being done with it. Adversaries will keep looking for new tactics and techniques to penetrate your defenses. Organizations must stay vigilant and keep looking for novel ways to counter innovative offensive strategies. Even as network security improves, attackers are increasingly targeting product supply chains and individual employees to try to gain a foothold. So, everyone within an organization must do their part to keep ahead of the bad guys.

What do you find most meaningful about the work you do here at Hagerty?

For many natural and manmade hazards, the question is not “if” but “when” an organization or government agency will be affected. As a member of Hagerty’s preparedness team, I know that we’re putting our clients in a position to succeed at a time when their ability to mitigate impacts and respond to a crisis is the most essential. In many cases, our work will help them save lives and minimize other societal and economic impacts when disaster strikes.


Rob Denaburg is an experienced consultant with a concentration in critical infrastructure security and disaster response. Mr. Denaburg has worked with public and private sector clients to minimize the societal, economic, and national security impacts of catastrophic infrastructure outages. He has advised policymakers and industry leaders on how to build resilience against severe natural and manmade hazards, and navigate cross-sector interdependencies in sustaining and restoring lifeline services.

The Future of Connected Devices: Building Resilience Against Catastrophic Impacts

Over the course of National Cybersecurity Awareness Month (NCSAM), Hagerty’s cyber team has discussed ways that individuals and organizations can enhance their cyber preparedness and resilience. As the month draws to a close, we look toward the future of connected devices and discuss a critical element of cyber resilience: protecting against the risk of sophisticated cyber-attacks causing catastrophic impacts to lifeline infrastructure. This post provides an overview of emerging cyber threats and the steps you or your organization can take to bolster cyber resilience and protect your infrastructure against them.

Internet of Things and IT/OT Vulnerabilities

The connected devices we are increasingly integrating into our everyday lives provide countless benefits, but also create additional cyber risks. The rapid proliferation of internet-connected devices known as the Internet of Things (IoT) is creating economic efficiencies, reducing environmental impacts, and offering added functionality and convenience, from smart homes to entire smart cities. However, this proliferation broadens potential attack surfaces and introduces new cyber vulnerabilities.

This trend of connectivity is also occurring in the lifeline infrastructure sectors we rely on to sustain public health and safety, the economy, and national security. The industrial and operational technology (OT) systems that are fundamental to the operation of our power grids, water and wastewater systems, communications networks, and other lifeline infrastructure are increasingly connected to information technology (IT) networks. As with consumer and business applications, this IT/OT convergence provides greater efficiency, along with improved situational awareness and remote operation capabilities; however, this connectivity also increases OT systems’ cyber vulnerabilities. More specifically, adversaries could leverage this connectivity to gain access to industrial networks, disrupt infrastructure operations, and even cause physical damage.

The Threat Landscape

The ability to penetrate and mis-operate OT systems is a key step in the evolution of cyber-attacks against lifeline infrastructure. Adversaries are developing sophisticated cyber capabilities to leverage these vulnerabilities with the goal of disrupting industrial processes and systems to cause outages – and in some cases, physical damage. The following trends and emerging attack vectors highlight the growing potential for destructive cyber-attacks on infrastructure systems that result in cascading failures:

  • Threats to the United States (US) Homeland: A summary of the 2018 National Defense Strategy warns that the US homeland is “no longer a sanctuary,” and that we should anticipate attacks on lifeline infrastructure in future conflicts. US intelligence agencies believe that our near-peer adversaries in the cyber realm (e.g., Russia and China) already have the ability to cause localized infrastructure disruptions and are continually improving their cyber-attack capabilities. Those adversaries likely have incentives to hold their most disruptive capabilities in reserve to avoid the identification of countermeasures.
  • Industrial Control System (ICS) Attacks: Adversaries are increasingly designing malware that targets ICS and other OT assets that organizations use to operate their infrastructure. Recent high-profile incidents have hinted at the potential impacts of major cyberattacks on infrastructure systems. The 2015 and 2016 attacks on Ukraine’s power grid caused brief but relatively widespread outages, demonstrating capabilities that could be employed for increasingly destructive attacks in the future. In the years since, ICS attacks have grown more frequent and more severe.
  • Compromising Infrastructure Supply Chains: Adversaries are seeking to corrupt the supply chains for hardware, software, and firmware components in all lifeline sectors. Nearly all infrastructure systems rely on similar ICS hardware and software components produced by a small number of vendors. Compromising just one of those vendors could introduce vulnerabilities in a wide range of organizations. Cyberattacks that leverage corrupted ICS supply chains could affect a great number of infrastructure systems in multiple sectors across the nation simultaneously.
  • Re-Attacks During Restoration: With a hurricane or other natural disaster, the end of the hazardous condition means the end of new first-order impacts on infrastructure systems. However, if adversaries can use cyber-attacks to cause infrastructure outages, they will likely have the access and capabilities to conduct follow-on attacks that disrupt restoration efforts. These disruptions can be particularly problematic in the electric industry; as power outages persist, other lifeline systems that depend on grid-provided electricity may exhaust their backup power capabilities, causing catastrophic cascading failures.
  • Opportunistic Cyberattacks: Similar concerns exist in the aftermath of natural disasters. While an adversary is unlikely to attack US lifeline infrastructure – risking severe US retaliation – in the wake of just any natural hazard, if a major earthquake or hurricane struck US systems in the midst of a regional geopolitical conflict, adversaries could greatly exacerbate the impacts of that event by conducting attacks on lifeline systems as restoration progresses.
  • Cascading, Cross-Sector Outages: One major issue that crosses all potential risks and threats is the growing interdependency between infrastructure sectors. These sectors and the lifeline infrastructure they serve are increasingly interdependent and vulnerable to cascading failures. For example, while nearly all critical systems rely on power to operate, the electric industry also requires fuel for power generation (i.e., natural gas), water, transportation, and other services to function. Without power, these sectors will not be able to provide the services that grid operators need to produce power.

Adversaries are likely to target these interdependencies in an attempt to create widespread, long-lasting, and mutually reinforcing outages. Unlike natural hazards, adversaries can carry out attacks that strategically impact single points of failure or attack multiple sectors simultaneously to exploit interdependencies. Simultaneous disruptions in multiple sectors have the potential to pose enormous challenges for infrastructure owners and operators.

As potential cyber vulnerabilities and impacts grow in line with offensive cyber capabilities, cyber-attacks on lifeline infrastructure that cause cascading failures are increasingly possible. However, it is important not to overstate current threats. While the complex attack scenarios described above are daunting, achieving them would require extreme sophistication. Therefore, while these ‘worst-case’ scenarios are theoretically plausible, a successful attack of this scale and magnitude is currently unlikely.

Building Cyber Resilience

While the threat of catastrophic impacts from a cyber-attack is significant, infrastructure owners and operators, government agencies, and the people they serve can take steps to bolster their resilience against sophisticated cyber threats. Resilience is not the ability to stop all disruptions before they occur; while system hardening and other protections are crucial, no cyber defenses are perfect. Hagerty defines resilience as:

A community’s ability to withstand, recover from, adapt to and/or advance despite acute shocks and long-term stressors.

To build resilience, the whole community must engage in efforts to secure their systems and work across sectors to protect against and mitigate catastrophic impacts. Communities can take the following steps to build their cyber resilience:

  • Secure connected devices: Rather than attempting to reverse the trend of increasing internet connectivity, individuals, product developers, and infrastructure organizations should work to ensure the security of those devices. At an individual level, keeping internet-connected devices updated with the latest software and avoiding phishing scams that may provide network access to attackers can help reduce potential vulnerabilities. The companies developing IoT devices should ensure they are designed and developed with security in mind. For infrastructure owners and operators, accounting for the increased risks to OT systems in cybersecurity plans and capabilities can help protect the lifeline infrastructure that sustains communities.
  • Engage in cross-sector planning and prioritization: When catastrophe strikes, no organization will be able to manage the crisis alone. Communities need to be aware of the functional interdependencies that exist and requirements for cross-sector support. In some sectors, multi-sector planning is taking place to understand these interdependencies and their implications in a disaster. For example, senior leaders from the electricity, communications, and finance industries convene in a Tri-Sector Executive Working Group to manage collective risks and build incident response playbooks. The Federal Emergency Management Agency (FEMA) has also created Emergency Support Function (ESF) #14 – Cross-Sector Business and Infrastructure to support cross-sector operations and manage competing priorities for scarce resources across sectors. Detailed pre-planning and coordination across all sectors will be necessary to improve our collective preparedness against major hazards and protect communities across the nation from the most severe impacts in future catastrophes.
  • Ensure supply chain integrity: While a great number of cyber threat vectors exist for lifeline infrastructure systems, a successful supply chain-based attack on ICS components in multiple interdependent sectors could lead to widespread cascading failures. Industry and government organizations have begun to set standards, create regulatory requirements, and establish best practices to improve cyber supply chain risk management (SCRM). Given the potential impacts of a supply chain-based attack, government agencies and infrastructure companies should sustain or advance efforts to ensure the integrity of their supply chains.

The current cyber threat landscape and the interconnected nature of our increasingly digital world require that individuals, governments, and infrastructure organizations work together to protect against potential cyber-attacks and their physical impacts. In doing so, we can help create a future of connected devices that contributes to economic optimization, environmental sustainability, and overall community health while remaining secure and resilient against cyber risks.

Hagerty Can Help

Hagerty’s team has expertise in both cybersecurity and infrastructure resilience. Hagerty can provide planning, training, exercise, and assessment services to support you and your organization in building cyber preparedness and reaching for resilience. For more information, contact us.


Rob Denaburg is a Senior Managing Associate in Hagerty’s Preparedness Division. Rob is new to Hagerty but has worked with public and private sector clients to minimize the societal, economic, and national security impacts of infrastructure outages. In a previous role, he advised policymakers and industry leaders on how to build resilience against severe natural and manmade hazards, especially sophisticated cyber-attacks on lifeline systems.

Erin Bajema is a Managing Associate in Hagerty’s Preparedness Division. Erin is an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional design administrator. She has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

Michelle Bohrson is a Managing Associate in Hagerty’s Preparedness Division. She primarily supports pre- and post-disaster recovery planning and hazard mitigation planning projects. Additionally, Michelle earned her Master’s Degree in Urban and Regional Planning (MURP) from the University of Michigan and is based out of the Austin, TX office.

THE HAGERTY ADVANTAGE – OUR PEOPLE: Erin Bajema

October is National Cybersecurity Awareness Month (NCSAM), and, throughout the month, we are highlighting Hagerty employees working to support our cybersecurity needs. During this fourth week of NCSAM we highlight Erin Bajema, a Managing Associate on Hagerty’s Preparedness Team and a Cyber Deputy on Hagerty’s Cyber Team.

Briefly tell us about yourself – how did your career path lead you to Hagerty Consulting?

I started with Hagerty as an intern in our Austin office immediately after graduating with a Bachelor’s degree in Global Studies from St. Edward’s University in June 2018. I had worked for the non-profit sector previously, but I had no experience in emergency management. From there, I was able to learn all about the field hands-on, by jumping headfirst into a variety of preparedness projects as an intern, and then as an Associate in our Evanston office starting in August 2018.

I’ve been able to work on a diverse range of projects since then, from plan development on topics like pre-disaster recovery, damage assessment, cost recovery, post-disaster housing, and cybersecurity—to exercise design and facilitation. Coming into the field with fresh eyes allowed me to really think critically about the role of emergency management, and to learn and develop my own expertise by doing, which was perfect for me as an experiential learner. I was promoted to Managing Associate in January 2020, and since then I’ve had the opportunity to explore our federal service line in supporting the Federal Emergency Management Agency (FEMA) Workforce Development Division and to dive into more projects supporting the electrical grid, the private sector, and local governments. I’m excited to continue to learn and grow in this incredible field!

What is something every individual or business should know about cybersecurity?

I think the most important thing I learned when I started working with clients on cybersecurity projects is that you don’t need to be a tech wizard to practice good cyber hygiene or protect yourself from cyber threats. As our world becomes increasingly interconnected, it falls to each of us to take the initiative to protect our devices, stay vigilant for malicious cyber activity, and stay up to date as the threat landscape evolves. Cyber incidents have the ability to impact so many parts of our lives and so many areas of the emergency management field, so it’s critical that we all do our part to move cyber preparedness forward. 

What do you find most meaningful about the work you do here at Hagerty?

To me, there’s great power in taking small steps. What feels most gratifying to me about the work I do here at Hagerty is helping our clients make those small steps that lead to better preparedness that can ultimately save lives, protect our critical infrastructure, and build more resilient communities. It often feels so easy to get overwhelmed with the state of the world, but it’s affirming to me to know that the work I do can help real people and effect change.


Erin Bajema is an emergency management professional with experience supporting several areas of emergency preparedness as an analyst, planner, evaluator, and instructional design administrator. Ms. Bajema has served on projects in a diverse range of subjects, including disaster recovery planning, housing, continuity of operations, hazard mitigation, active threat, evacuation, damage assessment, and cybersecurity.

DO YOUR PART, BE CYBERSMART: HEALTHCARE SYSTEMS SEE INCREASED ATTACKS WITH COVID-19

In last week’s National Cybersecurity Awareness Month (NCSAM) post, Hagerty discussed common cyber-attacks as well as the rise in individual and organizational cyber risk during this unprecedented year, and how individuals can improve their personal and professional cyber hygiene. Similarly, the healthcare sector has faced additional challenges and an uptick in cyber incidents in 2020.

COVID-19, HEALTHCARE, AND CYBER-CRIME

While cyber threats to the healthcare industry are not new, the COVID-19 pandemic and its impacts on individuals and organizations have increased the cyber risks for healthcare systems. The influx of new internet-connected devices (e.g., medical systems, equipment, sensors), unmanaged personal devices, and remote access points in healthcare facility networks increases their attack surface and the vulnerabilities available for attackers to exploit. Malicious actors are also using COVID-19 as the ‘lure’ for a growing number of phishing attempts. COVID-19 may also provide additional incentives for cyber criminals and other adversaries to target healthcare facilities and systems.

In particular, attackers are increasingly using ransomware to target hospitals and other healthcare facilities. Ransomware is a form of malware that infects and restricts access to computers and data until or unless the targeted organization pays the attacker a ransom. In the healthcare sector, these attacks can impact information technology (IT) systems, patient data, medical response, and patient safety. Between July and October 2020, the daily average number of ransomware attacks across all sectors in the United States (US) was up by 98 percent. One sophisticated ransomware variant known as Ryuk is affecting the healthcare industry more than any other sector in the US.

Some recent examples of cyber-attacks on healthcare systems highlight this trend.

  • Ransomware Attack on Large US Hospital Coalition: In September 2020, attackers hit Universal Health Services, which operates nearly 70 acute care and outpatient facilities nationwide, locking down servers and phone lines across associated hospitals and potentially exposing significant amounts of patient data and personally identifiable information. This attack follows dozens of similar incidents across the US.
  • Lethality of Ransomware Attacks on Healthcare Facilities: A ransomware attack targeting a German university which affected its hospital was the first in which a patient’s death was attributable to a cyber-attack. However, studies suggest that hospitals impacted by ransomware typically face an uptick in patient mortality – even if the effects are indirect.
  • Attacks on Other Healthcare Systems: In addition to hospitals, other healthcare organizations at the forefront of the global response to COVID-19 have fallen victim to cyber-crimes, including companies involved in clinical vaccine trials and development of rapid testing capabilities.
  • Attacks on Supply Chains: Attackers have also targeted the supply chains for healthcare companies’ software and hardware products, including products used to manage industrial control system assets and patient information in hospitals.
  • Emerging Ransomware Tactic: A new ransomware tactic called “double extortion” is emerging, in which attackers extract large quantities of sensitive commercial data before encrypting the victims’ databases and threaten to leak that data unless the ransom is paid. This approach is an attempt to circumvent a common defense against ransomware: frequent backups from which companies can restore their systems.

WHY HEALTHCARE SYSTEMS

The healthcare sector is not merely being caught in the crossfire of normal cyber activity; attackers are choosing these targets because they believe the pandemic has increased healthcare facilities’ incentives to acquiesce to ransom demands. COVID-19 has increased intake rates, heightened patient load, and burdened intensive care unit (ICU) capacity in health systems worldwide. With this increased operating demand, attackers see an opportunity to extort hospitals and other healthcare facilities for a more significant and/or quicker payment.

CONSIDERATIONS FOR HEALTHCARE SYSTEMS

There are important steps that individuals and organizations in the healthcare sector can take to reduce and mitigate cyber threats. Hagerty has identified four important pillars to help organizations #BeCyberSmart:

  • Ensure Employee Awareness: Employees at hospitals and other healthcare facilities need to be able to identify and avoid phishing attempts and other tactics, techniques, and procedures that attackers use to gain access into their organization’s networks. Companies can help ensure their staff are prepared by conducting training and occasional testing.
  • Secure Networks and Devices: As hospitals and other healthcare facilities continue to adapt to teleworking and telemedicine, it is important to ensure that any changes to their network infrastructure, including connecting new devices to their network, are made with extreme vigilance. Where possible, the use of managed devices instead of connecting employee devices can reduce the risks to company networks. Segregating corporate/IT networks from operational technology networks can also help healthcare providers limit the impacts of potential network breaches.
  • Practice Cyber Hygiene: Basic cyber hygiene best practices can help secure healthcare organizations against attack. The National Institute of Standards and Technology (NIST) Cybersecurity Framework and associated standards and best practices provide a valuable starting point. Adhering to least privilege access controls, keeping software up to date, and making frequent backups can go a long way in securing against ransomware and other malware.
  • Strengthen Incident Response Planning: Even with proper protections in place, organizations may still fall victim to a successful cyber-attack. Companies should ensure they are prepared for such a worst-case scenario. By developing an incident plan that clearly defines roles and responsibilities, processes and procedures, triggers and thresholds, and other aspects of incident response, companies can minimize the impact that a successful cyber-attack will have on their organization. Exercising these plans can further improve response capabilities.
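One way to check the IT/OT segregation recommended under Secure Networks and Devices is to audit firewall allow rules for paths that touch the OT network without passing through a brokered zone. The following is an added example, not Hagerty's code; the zone plan, addresses, rule names, and ports are constructed assumptions.

```python
import ipaddress

# Assumed zone plan for a constructed hospital network (illustrative only).
ZONES = {
    "it": ipaddress.ip_network("10.10.0.0/16"),   # corporate/IT network
    "ot": ipaddress.ip_network("10.50.0.0/16"),   # operational technology
    "dmz": ipaddress.ip_network("10.90.0.0/24"),  # brokered zone between them
}
BROKERED = {"ot", "dmz"}  # only these zones may exchange traffic with OT

# Constructed allow rules: (name, source CIDR, destination CIDR, port).
# Port 0 stands for "any port" in this sample.
SAMPLE_RULES = [
    ("it-to-dmz-jump", "10.10.0.0/16", "10.90.0.10/32", 443),
    ("dmz-jump-to-ot-hmi", "10.90.0.10/32", "10.50.20.0/24", 3389),
    ("legacy-vendor-access", "10.10.4.0/24", "10.50.20.15/32", 502),
    ("any-any-temp", "0.0.0.0/0", "10.50.0.0/16", 0),
    ("ot-historian-push", "10.50.30.5/32", "10.10.8.20/32", 1433),
    ("it-internal", "10.10.0.0/16", "10.10.0.0/16", 445),
]


def zones_touched(cidr):
    """Return the names of every zone a CIDR overlaps.

    A range that is not fully contained in one known zone also gets the
    label "outside", so broad rules such as 0.0.0.0/0 are not missed.
    """
    net = ipaddress.ip_network(cidr, strict=False)
    touched = {name for name, zone in ZONES.items() if net.overlaps(zone)}
    if not any(net.subnet_of(zone) for zone in ZONES.values()):
        touched.add("outside")
    return touched


def audit_rules(rules):
    """Flag allow rules that connect OT to anything except OT or the DMZ."""
    findings = []
    for name, src, dst, port in rules:
        src_zones, dst_zones = zones_touched(src), zones_touched(dst)
        if "ot" in dst_zones:
            offenders = src_zones - BROKERED
            direction = "into OT from"
        elif "ot" in src_zones:
            offenders = dst_zones - BROKERED
            direction = "out of OT to"
        else:
            continue  # rule does not involve the OT network at all
        if offenders:
            detail = f"{direction} {', '.join(sorted(offenders))} (port {port})"
            findings.append((name, detail))
    return findings


if __name__ == "__main__":
    for rule_name, detail in audit_rules(SAMPLE_RULES):
        print(f"{rule_name}: {detail}")
```

Rules that route through the DMZ jump host pass the audit, while the direct IT-to-OT rule, the broad temporary rule, and the OT-to-IT push are reported.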

HAGERTY CAN HELP

Hagerty has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and Continuity of Operations (COOP). We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies amid the evolving COVID-19 pandemic response. To learn more about our cybersecurity service line, contact us or visit our cybersecurity microsite to utilize our free Cybersecurity Assessment Tool that will evaluate your current cyber capabilities.


Rob Denaburg is a Senior Managing Associate in Hagerty’s Preparedness Division. Rob is new to Hagerty but has worked with public and private sector clients to minimize the societal, economic, and national security impacts of infrastructure outages. In a previous role, he advised policymakers and industry leaders on how to build resilience against severe natural and manmade hazards, especially sophisticated cyber-attacks on lifeline systems.

Ruth Anne Holiday is a Managing Associate at Hagerty, supporting both the Preparedness and Recovery Divisions. Ruth Anne was instrumental to Hagerty’s Long-Term Recovery Planning support for the City of Panama City, developing the City’s Unmet Needs Assessment which quantified Hurricane Michael’s impact on the community. Ruth Anne serves on the Situational and Status Blog Team, providing timely updates on major events and disasters impacting communities around the nation. Prior to Hagerty, Ruth Anne supported community-building preparedness initiatives and COOP activities, exercise and workshop development, and strategic recovery planning.

DO YOUR PART, BE CYBERSMART: HOW CYBER HYGIENE CAN PROTECT YOU

October is National Cybersecurity Awareness Month (NCSAM), so now is a great time to focus on ways to protect and secure your cyberspace. Throughout the month, the Hagerty Cyber Team will provide educational resources with the goal of increasing individual and business cybersecurity awareness in a world where cyber hygiene and security online are essential.

If You Connect It, Protect It

Today, you likely have access to an Internet-connected device. This year, due to the COVID-19 pandemic, most workplaces have gone partially or fully virtual; so, you likely have more than one device storing personal and/or sensitive information online. While your Internet-connected devices may vary (e.g., laptops, desktops, cellphones), if you apply basic principles of vigilance and protection, they can all be better prepared to safeguard against malicious activity.

Some may think that cyber incidents largely target companies or governmental agencies. However, many individuals are victims of cyber-attacks that can result in stolen data or money, or even open a door into their workplace for attackers seeking corporate information.

Wi-Fi is a wireless networking technology that allows devices to interface with the Internet. It lets these devices exchange information with one another, creating a network of Internet connections and users.

Now more than ever, it is important for individuals, businesses, and communities to have readily available access to Wi-Fi; however, you must be careful about connecting to the Internet in a non-secure, public setting. Often, public Wi-Fi networks are not password protected, providing greater access to malicious actors seeking to attack your online accounts, devices, personal information, and data. Therefore, it is always safest to set up a secure, personal network with password protection. Many individuals may not be aware of their vulnerabilities online, but there are many resources available to help bring awareness and safety.

If you are not already considering ways to protect yourself against potential cyber-related attacks, now would be the time to start thinking about it! Maintaining your cyber hygiene is essential to mitigating an attack. Think of a plan and put it to practice! The Federal Emergency Management Agency (FEMA) and the Cybersecurity and Infrastructure Security Agency (CISA) encourage individuals to be prepared for a cyberattack by practicing cyber hygiene.

Pulling from these materials, here are some habits that you can personally adopt that can help prepare for and even mitigate against a cyber incident:

  • Install credible anti-virus and anti-malware software on your devices that regularly scans them and alerts you to anything suspicious.
  • Be mindful of your Wi-Fi connection. Your personal Wi-Fi that has a password is safer than non-secure, public Wi-Fi. For more information, read the Federal Trade Commission article Securing Your Wireless Network.
  • ALWAYS be aware of your cyber surroundings. If an email seems out of place or an offer seems too good to be true, it usually is.
  • Create strong passwords to help mitigate against cyberattacks.
  • Report attacks to the FBI’s Internet Crime Complaint Center.

What to Look Out For

Cyber incidents are often tailored to accomplish varying outcomes based on the characteristics of the targeted group. For example, attempting to acquire insider trade information from a large bank requires different tactics than stealing an individual’s personal financial information.

The following list includes some of the most common cyber-attacks to be aware of:

  • Phishing and Spear Phishing: This common tactic is employed through email. Here, the malicious actor can lure you into clicking on a link which looks legitimate but can grant them access to your device. You can avoid being a victim by double-checking links, and only contacting a person or business through the official and legitimate phone number or website.
  • Drive By: Hackers use this by placing a USB drive in a strategic area, usually one with substantial foot traffic, in the hopes that it will be picked up and, out of curiosity, placed in a computer. This usually unleashes malware that uploads a damaging virus. Never use hardware with unknown origins.
  • Denial-of-service (DoS) and distributed denial-of-service (DDoS): Unlike other forms of attack, DoS or DDoS provides minimum benefits to the malicious actor but provides mass disruption. When this attack occurs, a system is overwhelmed, and services are denied.
  • Man-in-the-middle (MitM): Malicious actors can inject themselves between the user and server to communicate directly while hiding behind the system.
  • Password: A user’s password is often a gateway to other personally identifiable information (PII). Passwords are often procured through unencrypted network access, open databases, social engineering ploys, or outright guessing. Creating strong passwords means using a combination of numbers, letters, and symbols and not duplicating the same one for multiple accounts.
  • SQL injection: This attack requires the malicious actor to inject a SQL query into a database-driven website to read or modify sensitive data.
  • Cross-site scripting (XSS): In this instance, the attacker might deploy cookies or malicious script into the user’s browser to extract information or hijack a session.
  • Eavesdropping: In these instances, attackers intercept network traffic to obtain PII.
  • Birthday: An attacker can manipulate the message digest (MD), replacing the user’s message with the attacker’s.
  • Malware: This happens when the attacker places malicious software into the user’s system without consent. To protect yourself, remember to take basic precautions.

Attacks also very frequently target the workplace and larger businesses. These attacks look different from those targeting just an individual. One of the more typical types of cyber-attacks on a larger group or organization is called a Denial of Service (or DoS) attack. In a common DoS attack, the websites of organizations such as governmental bodies or banks are flooded with heavy traffic, preventing legitimate users from accessing information or communication. From your end, these attacks usually appear as slow network connections. However, they are much more malicious than that. To learn more about DoS attacks, you can read CISA’s article on Understanding Denial-Of-Service Attacks.

Equipping yourself with more cyber knowledge gives you a huge advantage online. In today’s increasingly digital world, NCSAM is a time to reflect on our individual cybersecurity – remember to always stop and think before you connect.

Hagerty Can Help

Hagerty Consulting, Inc. (Hagerty) has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and Continuity of Operations (COOP). We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies amid the evolving COVID-19 pandemic response. To learn more about Hagerty’s cybersecurity service line, contact us or visit our cybersecurity microsite to utilize our free Cybersecurity Assessment Tool that will evaluate your current cyber capabilities.


Joely Bertram is an Associate in the Preparedness Division working out of Hagerty’s office in Washington, D.C. Joely has experience assisting with standard operating procedures, planning exercises, and cybersecurity policy. At Hagerty, she has also worked on research and analysis pertaining to proposals and comprehensive emergency management plans.

Ruth Anne Holiday is a Managing Associate at Hagerty, supporting both the Preparedness and Recovery Divisions. Ruth Anne was instrumental to Hagerty’s Long-Term Recovery Planning support for the City of Panama City, developing the City’s Unmet Needs Assessment which quantified Hurricane Michael’s impact on the community. Ruth Anne serves on the Situational and Status Blog Team, providing timely updates on major events and disasters impacting communities around the nation. Prior to Hagerty, Ruth Anne supported community-building preparedness initiatives and COOP activities, exercise and workshop development, and strategic recovery planning.

National Cybersecurity Awareness Month: Do Your Part, Be Cyber Smart

The Internet touches almost all aspects of our daily lives. Now more than ever, we are spending increasing amounts of time online and connecting more devices to the Internet, making our cyberspace safety and security even more important.

The lifeline systems we rely on daily are also increasingly connected to the Internet, making them more vulnerable to risks from cyberattacks. Despite significant and continued progress by infrastructure operators in the energy, water, communications, transportation, and other critical sectors to harden their systems, our adversaries are seeking to exploit this connectivity to carry out disruptive attacks.

October is National Cybersecurity Awareness Month (NCSAM), providing all of us an opportunity to stop and think about our virtual presence and how we can better protect ourselves and our businesses online. This year’s campaign theme is Do Your Part: Be Cyber Smart and throughout the month, the Hagerty Cyber Team will be sharing some best practices and tips we have learned supporting our clients as they prepare for, respond to, recover from, and mitigate against cyber threats.

In 2017, Hagerty developed our Cyber Nexus Approach (CNA) — a programmatic approach to cyber incident management that conforms with national best practices and standards and harnesses the key expertise of critical stakeholders.

CNA is a framework for public and private sector organizations and companies responsible for building a cybersecurity program. It empowers its users by bringing key cybersecurity stakeholders together to bridge knowledge gaps and by facilitating information-sharing and collaboration across areas of expertise, while enabling each stakeholder to perform the tasks they do best.

CNA incorporates new stakeholders into what are conventionally considered information technology (IT) activities and exposes emergency managers to a novel approach to cybersecurity program management. In doing so, it dissolves the boundaries of individual roles to expand the responsibility for cyber preparedness across disciplines within an organization or jurisdiction, and it provides a collaborative, task-oriented framework to unify efforts across unique areas of expertise (such as management and technical support, or emergency management and IT).

Meet the Hagerty Cyber Team!


To learn more about how Hagerty can help your organization, visit cyberthreatready.com.

Spotlight on Cyber: The Role of Cybersecurity in COVID-19 Response

Throughout the response to the COVID-19 pandemic, cybersecurity has had an increasingly important role in providing platforms for essential services, protecting data and systems, and helping organizations adapt to a new normal. As services and data move online and into the cloud, there is a heightened focus on cybersecurity and how organizations can enhance their cyber preparedness capabilities. The following details three key ways that the role of cybersecurity has grown and evolved during the COVID-19 pandemic.


The Evolving Role of Cybersecurity

  1. Increased Cyberthreats.

Cyberthreats have risen as cybercriminals seek to take advantage of the pandemic with malicious cyber activity. According to an alert from the Cybersecurity and Infrastructure Security Agency (CISA), cybercriminals used content related to COVID-19 to deploy malware, phishing attacks, and malicious domain names. Sentinel Labs also noted an increased number of attack campaigns using the Trickbot and Formbook platforms, with a focus on malicious applications targeted at teachers searching for online educational tools. Other attack types have used links purporting to contain information about COVID-19 family leave, tax relief, or package shipping.

Cyberthreats are expected to continue to rise as the pandemic persists. According to a report on the global cyberthreat landscape, the International Criminal Police Organization (INTERPOL) projects an increase in malicious cyber activity such as online scams in response to the economic downturn that has accompanied the pandemic. This rise in cyberthreats has increased the need for security measures, as well as emphasized the importance of recognizing the signs of a malicious link or download.

  2. Widespread Use of Online Services and Platforms.

Due to stay-at-home orders and social distancing measures, many services and functions have been moved online or into the cloud. As these services are relocated to online platforms, security measures must be put in place to protect them. With an increase in remote work, hijacking or “bombing” of video conferencing tools has become a common threat, allowing sensitive data to be accessed by unauthorized users and published to public forums. Some services that involve personal data, like driver license registration, have also been encouraged to move online to increase accessibility and limit unnecessary travel. This has created new vulnerabilities that must be counteracted with appropriate security measures.

The vulnerability of online platforms and data has created a higher demand for cybersecurity services, with an expected 12% compound annual growth rate in the cybersecurity market between 2019 and 2021 and 70% of organizations expecting to increase cybersecurity spending following the pandemic. This growth signals a greater role for cybersecurity within a diverse range of sectors; as more organizations choose to digitize services, they will require measures to secure their services, platforms, data, and users from cyberthreats.


  3. Rising Need for Innovative Solutions.

During the pandemic, public and private sector entities have been called upon to develop new systems, policies, and protocols to meet emerging needs. Cybersecurity professionals have been vital to supporting the implementation of new and innovative programs. Some state governments, such as Montana, have introduced new chatbot systems to answer resident questions and reduce the number of support calls made to government offices.

In other cases, creating innovative solutions has involved addressing the cyber inequities revealed by COVID-19. As sectors such as education and healthcare move online, lack of access to broadband has deepened existing disparities. According to the EdWeek Research Center, 64% of school district leaders with a larger (more than 75%) proportion of low-income students said lack of technology access among students was a “major challenge” to teaching. In response, solutions to increase internet access, such as school buses retrofitted with WiFi hotspots, have been established. As stay-at-home orders and closures remain in effect, cybersecurity stakeholders will be key partners in creating solutions to meet emerging needs.

WHAT CAN YOUR ORGANIZATION DO?

As organizations continue their response to the COVID-19 pandemic, it is important to re-evaluate current protocols and postures, identify vulnerabilities, and implement solutions to address gaps in the area of cybersecurity. Consider the following recommendations for enhancing your organization’s cybersecurity for the current threat landscape:

  • Use a risk assessment to evaluate your organization’s vulnerabilities and prioritize ways to minimize risks. This provides your organization with a better understanding of its risks while allowing you to determine short, intermediate, and long-term goals for increasing cyber resilience while managing competing response priorities.
  • Foster collaboration between cybersecurity stakeholders and response partners. Diverse stakeholders will need to work together to identify effective solutions to emerging issues. Cybersecurity stakeholders should be prepared to coordinate with public and private sector partners to implement measures that contribute to cyber preparedness.
  • Establish a continuity of operations plan. As organizations seek to maintain their essential functions during the pandemic, continuity of operations (COOP) plans can serve a critical role in directing activities and defining roles and responsibilities. Organizations can use these COOP plans to identify priorities and ensure cybersecurity considerations are integrated in their operations.
  • Document lessons learned and areas for improvement. While many steady-state projects are currently on hold, organizations can plan for recovery by taking note of their gaps and successes in managing cybersecurity during pandemic response. Documenting lessons learned will support activities like cybersecurity planning, training, policy development, and exercise design in the future.

Hagerty Consulting, Inc. (Hagerty) has the experience and expertise to support organizations in cybersecurity preparedness efforts, as well as pandemic planning, business continuity, and COOP. We stand ready to help with your organization’s assessment, planning, training, and exercise needs to enhance cybersecurity and emergency response strategies in the midst of the evolving COVID-19 response. To learn more about Hagerty’s cybersecurity service line, contact development@hagertyconsulting.com or visit our cybersecurity microsite and use our free Cybersecurity Assessment Tool to evaluate your capabilities.

 

Erin Bajema is a Managing Associate in the Preparedness Division working out of Hagerty’s headquarters in Evanston, Illinois. Erin has supported planning and exercise design initiatives across a diverse range of subject areas including cybersecurity, pre-disaster recovery and redevelopment planning, cost recovery, housing, damage assessments, active threat, and air transit.