Movies and television contribute to the popular image of hackers — solitary misfits disrupting business as usual from a poorly lit basement — and for the romantic notion that their actions are often cool, even if criminal.
In reality, cybercrime is anything but romantic — it’s becoming increasingly deadly. Cyber terrorism has grown up since “Hackers” popularized that myth decades ago: Now state sponsored cyber criminals operate in highly organized rings around the world — launching targeted killware that, true to its name, aims to cause physical harm. Cybercrime today is more sci-fi and action thriller than rom-com.
From targeting water and food supplies to transportation and hospitals, organized cybercrime attacks critical infrastructure. Designed to destroy, killware is the nuclear threat of cyber warfare — with increasingly wider-reaching consequences. The next war may be started remotely with a single click.
While killware has been around for decades, it’s growing more targeted — and more deadly. After an attempted hack of a water treatment facility in Florida, U.S. Homeland Security Secretary Alejandro Mayorkas warned the public that killware is increasing in frequency and gravity. Had the attack been successful, the damage to public health and safety could have been astronomical. And the lingering question is, “Was that attack just intended to test current defenses?"
Informational Technology (IT) and Operational Technology (OT) have become increasingly integrated since the widespread adoption of cloud computing — and cyber risk is intermingled as well. Gartner predicts that by 2025 attacks on operational technology (OT) environments will be weaponized with the intent to cause physical harm or even death — costing over $50 billion per year.
OT devices — typically older, expensive, and cumbersome to update — were built without considering the cybersecurity risks of the future, making them an easier target for entry into other systems. And hacking into a single device can take down all of the devices in an OT system.
OT is also connected to IT systems that carry their own cybersecurity risk — in 2017 the WannaCry ransomware attack infected Windows systems. From there, malware infected 70,000 devices throughout National Health Services Hospitals in England and Scotland, disrupting hospital services, communications, stalling ambulances, and putting lives at risk.
From consistently patching and updating legacy systems to applying a comprehensive cybersecurity framework, organizations can begin to protect themselves from killware. Here’s how you can further reduce risk today:
Get Patched Up: Mitigate attacks by patching early and often.
Update Your Legacy Systems: Legacy systems are chock full of loopholes and vulnerabilities. It’s time to modernize your legacy systems — or even upgrade to a new system.
Invest in Anti-Malware Software: Secure all systems with endpoint security software.
OT Cybersecurity Staff Training: Monitor your OT systems at each of your facilities. Train and prepare your staff members so they know how to respond in the event of an attack.
Maintain a Secure Backup Architecture: In case of attack, you’ll be ready with proper backup.