Are you prepared for a cyber attack?
On Thursday morning the New York Times announced that, over the past four months, Chinese hackers have been perpetrating a campaign of attacks on the paper’s computer systems.
Here are more details from the Times article, written by Nicole Perlroth, that broke the story:
The timing of the attacks coincided with the reporting for a Times investigation, published online on Oct. 25, that found that the relatives of Wen Jiabao, China’s prime minister, had accumulated a fortune worth several billion dollars through business dealings.
Security experts hired by The Times to detect and block the computer attacks gathered digital evidence that Chinese hackers, using methods that some consultants have associated with the Chinese military in the past, breached The Times’s network. They broke into the e-mail accounts of its Shanghai bureau chief, David Barboza, who wrote the reports on Mr. Wen’s relatives, and Jim Yardley, The Times’s South Asia bureau chief in India, who previously worked as bureau chief in Beijing.
Not the first
The Times is not the only major news outlet to be attacked this year. The BBC’s Farsi-language service in London was disrupted not two days after the company announced huge growth in the audience for its Persian TV service, and the international news service Reuters actually had hackers succeed in publishing a false announcement stating Saudi Arabia’s foreign minister had died.
While many signs indicate that the attacks against news outlets and government-associated companies could be politically motivated, essentially cyber-spying, what’s to stop hungry and morally-deficient corporations from doing the same to the competition?
It’s up to you
Even if you don’t think it does, your organization’s computer network holds information that is plenty valuable enough to steal. Design specs, release dates, shipping schedules and vendor contacts are just a few of the items that your competitors would very much like to have in their possession.
How about those dirty or incriminating emails (someone’s got them on their machine!) that could be used for blackmail or simply aired to trash your reputation?
A dedicated and skilled hacker could literally have access to every piece of information that crosses your network for years without ever being detected. Every credit card number, company cards and customers’. Every email, Tweet and Facebook message sent from a company computer, personal or work related. Every discussion with customers. Every new idea. Every disagreement. Every. Single. Thing.
Cybersecurity and crisis management
If you haven’t already included cybersecurity risks in your crisis management planning, you’re well behind the curve. We’re not talking installing an antivirus on all of the computers, either. According to the Times, attackers installed 45 pieces of custom malware on their systems, only one of which was identified by the Symantec antivirus used by the newspaper.
One of the best things you can do to help reduce the impact of cybersecurity risks is get your IT and PR/crisis management departments talking. Together, they should be able to put together a plan of action for preventing, detecting and defeating cyber threats, as well as the business crises that are likely to accompany them.
It’s also crucial to put aside time to educate anyone with access to your network regarding safe internet use, signs their computer has been compromised and the common methods used by hackers to get their foot in the door, many of which are not tech-based at all but rather revolve around social engineering, or the art of manipulating people into performing actions or releasing information they otherwise shouldn’t.
Incidents of cyber attacks are skyrocketing as our world relies increasingly on the Internet for even basic functions. Protect your organization from cybersecurity risks, start preparing today.
For more resources, see the Free Management Library topic: Crisis Management
[Jonathan Bernstein is president of Bernstein Crisis Management, Inc., an international crisis management consultancy, author of Manager’s Guide to Crisis Management and Keeping the Wolves at Bay – Media Training. Erik Bernstein is Social Media Manager for the firm, and also editor of its newsletter, Crisis Manager]