Cyber-attackers' "greatest hits" and how to prepare

Cyber-attacks continue to increase, and the organisations being targeted are changing. Forty-three per cent of all cyber-attacks are now aimed at small businesses. A business falls victim to a ransomware attack every 14 seconds, and the global cost of online crime is expected to be $6 trillion by the end of 2021.



Below are some famous cyber-attacks and their impact.

  • Yahoo 2017 - Russian intelligence stole usernames and passwords. Yahoo disclosed the attack publicly in tranches, 500 million initially and then more than another 500 million. The impact was on Yahoo's value when it was acquired: the purchase price was reduced by $350 million (8%).

  • Target 2013 - External third-party HVAC software connected into the broader enterprise was hacked by a criminal organisation, and credit cards were stolen (of the 40 million stolen, 1-3 million were bought on the black market). The response to the attack was poor, as staff were alerted by alarms but didn't follow through. The impact was the CEO and several other executives being fired.

  • WannaCry 2017 - An attack across several organisations that had not patched known vulnerabilities, leaving them susceptible to the malware used. The hackers demanded a ransom in bitcoin, which is what is known as a ransomware attack. The impact was the NHS reverting to paper processes and turning patients away.

  • Anthem 2015 – 80 million people had their personal information stolen because the data was not encrypted. The FBI was involved immediately, and Anthem was praised for its response. Anthem had some very good practices, which reduced the consequences; however, the impact was litigation, with $115 million in lawsuits for customers and shareholders.

  • Forty-six financial service firms 2011 to 2013 – Iran, where sanctions were being implemented due to a developing nuclear capability, flooded the websites of these organisations with DDoS attacks, rendering them inoperable. The government and industry collaborated to share best practices. The impact was the erosion of customer confidence.

For any organisation, the goal of cyber-security is to protect the confidentiality, integrity, and availability of organisational information systems.


How can an organisation prepare?

It begins by correlating information system elements (systems, network and data) with the organisation's mission and identifying the most critical elements based on the cost of disruption. There are three steps:

  1. Determine the mission / business process and recovery criticality – what is the impact if it is unavailable? What is the maximum time it can be offline?

  2. Identify resource requirements – the software, personnel, hardware and critical systems needed to return to service.

  3. Identify recovery priorities for system resources – arrange the systems in priority order.


Preparation has two components: preventative measures to mitigate the threat of attack, and an incident response plan to recover access to information systems in a timely manner when attacks occur.