What does the new cyber reality look like?
The cyber stakes changed for businesses in 2017. Nation states targeted private companies. Corporations lost billions in market capital. CEOs were toppled from office.
This is the new cyber reality.
In 2018, two emerging trends will complicate this dynamic even further—tough new regulations and frightening new vectors of attack.
FireEye and Marsh & McLennan, both leaders in our respective sectors, have collaborated to produce a cyber white paper specifically for C-suite executives and public company board members. As part of Marsh & McLennan, Bluefin Professions is now able to share this report with our clients.
Executives and board members start on unfamiliar terrain in two ways. First, with limited exceptions, we are digital immigrants — not digital natives. We are more likely to have studied humanities in college than computer science. IT executives at our companies brief us, but, unlike so many other operational or financial areas, we may not have an intuitive feel for the right answer.
Second, throwing more money at the problem will not make this issue go away. Most companies can double their IT security budgets and still be exposed. The recently disclosed “Meltdown” and “Spectre” vulnerabilities — potentially impacting computers around the globe — highlight this point.
So we are all engaged in a race without a finish line. In this report, we share five tangible, and practical, suggestions for your consideration. Our collective objective is enhanced cyber resilience—not perfection.
Three Events in 2017 that changed the Cyber landscape
- On May 12, 2017, the WannaCry ransomware attack cascaded across the globe, and we watched as a self-perpetuating “worm” jumped across networks and infected more than 300,000 computers in 150 countries. In the United Kingdom alone, more than 80 National Health System hospitals were impacted, resulting in cancelled surgeries and diverted ambulances. Tom Bossert, the homeland security advisor to President Donald Trump, attributed the attack to North Korea: “North Korea has acted especially badly, largely unchecked, for more than a decade... WannaCry was indiscriminately reckless.”
- A month later in June 2017, the NotPetya virus was launched in Ukraine and rapidly spread across the world. NotPetya’s “wiper” malware was even more nefarious than the WannaCry ransomware because the infected data was destroyed rather than merely held hostage. Consumer goods manufacturers, transport and logistics companies, pharmaceutical firms and utilities reportedly suffered over $1 billion in economic losses in the aggregate.
- The summer of cyber woe peaked in August when a well-respected consumer credit reporting agency reported the loss of personal records for almost 150 million people. The reaction was swift and severe. Within days, the market cap loss exceeded $5 billion. The Federal Trade Commission and both houses of Congress launched investigations. The company’s chief information officer, chief information security officer, and later, chief executive officer, all stepped down in the aftermath of the breach.
So, in our opinion, 2017 goes in the record books as the worst year in cyber security history.
Download and read the full report here.