Monetary damages through cyber attacks?

It is more reality then a ghost story for CIOs and CISOs
It is possible that cyber-attacks cause’s monetary damages as we have seen recently at the German government if the infrastructure or better to say the running systems on the infrastructure are heavily manipulated or damaged. In fact of that it is not secure just to reset the infrastructure because of the risk of getting infected again. This circumstances leads to high investments.

Considering technical possibilities the case study “Business Blackout” shows different scenarios of cyber-attacks at the American power grid and the possible impact. Even with a careful estimation the monetary damage was over $240 bn (around €219 billion), in worst case the monetary damage was up to $1000 bn (around 91.5 billion). Beside of the monetary damages there would be also heavy damages in the social structure of the country.

You are thinking now about that you are not responsible for a government IT or a whole power grid?

Well then let us take a look at the findings of the expert survey of intel security. They asked IT responsible for significant organizations and companies from the United States and Europe. 9 of 10 people said that they are victims at least once per year. But the average was of 20 cyber-attacks per year. 59% of them were talking about physical damages while 33% said that their provided services were disturbed and 25% approved that their data were compromised. Interesting at this is also the vulnerability. 2/5 of the questioned people think that they are not more or less vulnerable then in the past three years. 1/3 think that they got better in defend their systems while 1/4 is pretty sure that they got more vulnerable. But as the survey surprise show is BYOD not a factor for this problem, it is (and we are also convinced in it) the factor human which is the weakest part in chain.

How about you? Do you got attacked? Or maybe you don’t know it?

It doesn’t matter in which position and for whom or what you are working the only difference is about the awareness. Managers, employees or IT specialists with an open ear and in best case with one or two open eyes protect your company better the any anti-virus scanner. The methods to get into your organization are multifaced and change rapidly and your data and information has mostly a higher monetary value as they looks.

Sources: http://www.mcafee.com/us/resources/reports/rp-aspen-holding-line-cyberthreats.pdf https://www.lloyds.com/~/media/files/news%20and%20insight/risk%20insight/2015/business%20blackout/business%20blackout20150708.pdf