In the aftermath of a natural disaster, such as a storm, wildfire or earthquake, businesses enter crisis mode. It’s in this period, when leaders are scrambling to deal with damage or losses, that cyber criminals are likely to strike.
Natural catastrophes can set the stage for cyberattacks because they leave people and organizations vulnerable, warned Mark Hubbard (pictured), SVP – IT, First Onsite Property Restoration.
Threat actors are seizing such opportunities to launch well-timed attacks. “They take advantage of the fact that there is tension in the organization and attention is focused on recovering from a catastrophic situation,” said Hubbard.
Aside from impacting businesses, cyber criminals could prevent first responders, utilities, or government agencies from mobilizing after the disaster, creating a domino effect of misery.
It’s critical that all organizations include a cybersecurity plan in their overall disaster recovery strategy, Hubbard told Insurance Business.
“The plan should not only cover the technology infrastructure that’s in place to support the business, it should also cover the business processes of the organization and the employees executing those business processes,” he said.
“[Cybersecurity] should be part of an end-to end business plan around disaster recovery.”
Natural disasters create footholds for cyber criminals to hack IT systems, according to Hubbard. Ransomware attacks, data breaches, and social engineering attacks are common weapons used to infiltrate vulnerable organizations.
When a storm causes IT infrastructure to fail, for example, an organization might begin running from their back-up systems. But if these systems don’t have robust protection in place, they become open to data breaches.
“They back up their data to be able to run from a disaster recovery site, and that’s where we would see some of the data breaches come from,” Hubbard said.
“If an organization’s strategy doesn’t include encrypting their backups, and they’re trying to get that data to another location, they may unintentionally lose data along the way.”
Additionally, employees might be distracted or emotionally distressed following a disaster, making them more likely to fall for social engineering attacks or click on phishing links, Hubbard warned.
“People are more apt to fall for those threats because they’re just trying to do whatever they can to recover from the situation,” he said.
Prevention and preparation are key to keeping businesses and individuals protected from cyber threats during a catastrophe.
One of the first – and best – steps leaders can take to prepare for cyber incidents is to test their business continuity and disaster recovery plans, according to Hubbard. These plans should be created and communicated well in advance of any threat and include employee education.
“Testing their back-up systems, ensuring they’ve got adequate plans in place, and doing tabletop exercises: these pre-planning processes are extremely important,” he said.
“They take some pressure off you [in the event of a disaster] because you’ll know who’s doing what, who you need to call, and how you need to respond.”
Employees should be reminded to monitor credible news sources and have their guard up when assessing emails or links that look suspicious.
In terms of infrastructure, organizations should have intrusion detection measures in place across systems, including back-ups, he suggested.
“It’s important to know your technology ecosystem so that you can rebuild or recreate that environment safely, making sure you’ve got controls in place around securely accessing your data and your system,” Hubbard said. “Recovering your infrastructure should be part of your recovery plan.”
The unpredictable and uncertain nature of disasters also means that recovery plans should allow some adaptability, added Hubbard.
“You need to have some level of flexibility because the catastrophic event might impact different parts of the business. You need to adapt to the situation that is emerging, but it should cover all your bases, including any third parties,” he said.
“You should have a good understanding of who those critical external partners are, the services they provide, and whether they might be impacted by [an event].”
The final component of a robust cyber risk mitigation strategy is cyber insurance, which Hubbard said is “absolutely critical” to empowering organizations.
“Cyber insurance helps you recover from the situation faster. It covers the costs of the actions that you need to take to get your business back up and running,” Hubbard said.
“While the requirements for getting cyber insurance are more stringent and premiums are going up, it provides organizations with the expertise and guidance to properly recover [from cyber incidents].”
How can organizations prepare for cyberattacks that strike after a natural disaster? Share your thoughts with us below.