Affect of Attacks on Partners

Thursday, April 9, 2015 @ 05:04 PM gHale


When the Shamoon virus struck Saudi Aramco a couple of years ago and wiped out 30,000 hard drives in the business enterprise, joint venture partners of the oil giant were shaking in their boots.

They knew an attack on a partner could mean big problems for them.

RELATED STORIES
BYOD, Cloud Security Risk Growing
DDoS Attacks Less Frequent, More Complex
Detected Vulnerabilities on Rise: Report
Insider Threat a Security Imperative

What they knew and others are learning is attacks on one organization can have a domino effect on partners, suppliers, vendors and even end users.

It’s a similar situation to that of electric grids a few decades ago, when a problem in one section would affect electric services throughout a much wider area, said Ray Rothrock, chief executive at Sunnyvale, CA-based security vendor RedSeal Inc., which just released a survey of C-level executives looking at the topic.

“Everything is interconnected,” he said. “You have to worry not just about your own network, but everything connected with it.”

According to the survey, 64 percent of respondents said a cyberattack would also affect other businesses, such as partners, vendors, customers, and other members of the supply chain.

Respondents also said a domino effect could extend to larger geographical areas — 59 percent, and potentially expose national vulnerabilities, at 56 percent.

Respondents also gave their opinions about what industries would end up affected by the ripple effect of a breach. Economic security was the top choice at 59 percent, followed by the financial industry at 53 percent, defense at 52 percent, national security at 47 percent, and energy and utilities at 46 percent. About a third selected health care, insurance, entertainment, retail, transportation, and education.

The bottom line is companies don’t just suffer from cyberattacks against their own infrastructure, but also ones against their partners, and that of other companies in their industry or geographical area.

“Good companies, with infinite resources, with the best engineers, with the best security systems, are still getting hacked,” Rothrock said. “All the bad guys have to do is get lucky once — and the company defending itself has to be lucky every single time.”

Now, when you add in the corporate partners and other connected networks, the risks seem even more insurmountable.

“We don’t have enough people,” said Rothrock. “These networks are so complex, they’ve been built by so many people, we don’t have the human capacity to understand them.”

This was the first year of the survey, which was to provide a baseline measure of the perceived ripple effects of cyberattacks.



Leave a Reply

You must be logged in to post a comment.