The cyber security industry, including Neuways, often talks about how a disaster can spell the end for a business.
Whether it’s a cyber attack or a data breach, an office fire or hardware failure – statistically, only 10% of businesses without a business continuity & disaster recovery (BCDR) plan survive a disaster.
But what do these statistics actually mean to you?
After all, the likelihood is that it won’t happen to you… right?
It is true that there was a time when the level of cyber risk was significantly lower than it is now, but that was a long time ago, when businesses relied less on IT and the internet.
This is not the case now – IT is the lynchpin behind many businesses’ operations, and with increased reliance comes increased risk.
This is best illustrated by looking at the following three cases – all of which were world leaders in their respective industries.
- SolarWorld led the way in solar panel technology due to its unique intellectual property – setting the business apart from its competitors.
- Westinghouse’s Nuclear powered most nuclear reactor designs in the global industry, making the business an enormous player in the energy sector.
- Finally, ATI Metals was – and remains to be – a key supplier of highly durable materials for the aerospace, defense, and energy sectors.
Enter Cyber Crime
Specifically APT1 – a state-sponsored cyber crime group operating out of China.
APT1 pursued an aggressive, sustained campaign against the three businesses, using well-crafted and socially engineered spear-phishing strategies to infiltrate the targets.
This phishing strategy bore fruit – granting APT1 access to SolarWorld, Westinghouse, and ATI Metals’ systems and allowing the cyber criminals to install a variety of secret backdoors.
This provided instant access to their victims’ data whenever they wanted it – and, crucially, the backdoors were virtually impossible to detect once installed.
”There were thousands of emails exfiltrated, many with sensitive data that would pose to serve all kinds of unfair advantages,” commented Ben Santarris, Director of Strategic Affairs.
Many of these emails contained trade secrets, including confidential intellectual property information and pricing models – not to mention personal data that could be used to directly harm SolarWorld.
As of 2017, SolarWorld was declared bankrupt as their trade secrets found their way into the products of competitors.
“…the conspirators stole, among other things, proprietary and confidential technical and design specifications… for those nuclear power plants that would enable any competitor looking to build a similar plant to save on research and development costs in the development of such designs.”
U.S. Department of Justice
This allowed Chinese competitors to price Westinghouse out of the market – using their own designs against them.
Essentially, Westinghouse designs, the envy of many in the nuclear industry, were stolen because somebody in the business clicked on an email that they shouldn’t have. The one advantage WestingHouse possessed over its competitors was lost in a single click, and in 2017 the business was declared bankrupt.
A simple error brought down an industry empire.
“Defendant WEN stole network credentials for virtually every employee at the company, which would have allowed wide-ranging and persistent access to ATI’s computers.”
U.S. Department of Justice
With instant access to virtually all of the machines within ATI, hackers were able to steal enormous amounts of business critical information. This information found its way into competitors’ hands and blunted the competitive advantage enjoyed by ATI.
Over a period of 4 years, ATI’s sales of $2.3bn plummeted to $1.2bn and continued to drop.
ATI Metals continues to trade, albeit at 50% of its value prior to suffering their data breach. It is, however, the only business of the three to survive.
Your Business and Cyber Risk
The point is this – cyber crime must feature significantly in your overall risk management strategy, whether you’re an industry leader or not. Acknowledging the dangers that cyber crime poses is the first step to securing your business against disaster.
Cyber warfare has changed. Cyber criminals are no longer disorganised individuals with a talent for hacking, or simple lone wolves looking to disrupt. Nor are cyber criminals simply seeking to steal a couple of credentials to sell on the dark web.
Commercial cyber warfare and theft of intellectual properties are very real threats to businesses.
And as our Managing Director, Martin, recently wrote – data is the currency of business and must be stored, secured, and protected at all costs.