Cyberattacks can paralyze a company’s activity
Table of Contents
Security incidents can undermine business continuity and paralyze a company’s activity, generating substantial losses
87% of SMEs fear that a cyber-attack could paralyze a company’s activity. This figure from a study on the challenges facing companies regarding cybersecurity is extremely graphic.
It is not only large multinationals that may suffer service interruptions and see their business continuity undermined.
Why? In 2024, almost all companies are fully digitized. Computers, IoT devices, servers, applications, software… They are all critical assets for companies and essential for their operations.
Most companies cannot carry out their activities if they cannot use their IT systems.
Below, we will explain the keys to cyber-attacks that can paralyze a company’s activity and the importance of having cybersecurity services in place to prevent this type of incident or limit its impact.
1. Stealing data and paralyzing a company’s activity.
It is enough to read the news to know that new cyber-attacks against companies occur daily to steal data on their customers, partners and employees. Some of the most notorious security incidents this year, such as the one suffered by the DGT, have involved the theft of personal information to commit a wave of digital fraud against citizens.
However, this trend should not make us lose sight of the fact that some cyber-attacks lead to information breaches and can even paralyze a company’s activity.
The Italian division of Synlab, a multinational company that provides diagnostic and medical testing services in more than 30 countries, had to take its IT systems offline to prevent the spread of a ransomware attack and limit the scope of the security breach it caused.
As a result, Synlab had to suspend both laboratory analysis of the samples it had already collected and the collection of new samples. In other words, by using ransomware, the malicious actors could not only access thousands of patients’ personal and even medical data. Still, they were also able to paralyze the company’s business.
2. Disconnect IT systems to isolate malicious actors and expel them before they can do more damage
The incident suffered by Synlab Italia is evidence of the usual evolution of most attacks that succeed in paralyzing a company’s activity. First, criminals gain access to a company’s systems. Then, they use malware to accomplish their malicious goals. The company’s security mechanisms detect hostile activity, and any affected systems are taken offline to reduce the impact and contain the malicious actors.
For example, this happened in a recent incident suffered by Microchip Technology, a US company that manufactures microchips for more than 120,000 companies in multiple sectors: industry, automotive, aerospace, defense, etc…
As a result of disconnecting some of its systems, Microchip Technology was unable to handle new orders from its customers, and its factories’ activity slowed down.
Something similar happened after the cyber-attack suffered by DP World Australia, the main operator of the country’s ports, which handles 40% of its maritime cargo. Due to a cyberattack, the company interrupted its operations on November 10, 2023. It was not until November 13 that it was able to resume its normal activity and needed another week to release the containers accumulated during the paralysis of its activity.
To make matters worse, this incident occurred on the eve of Christmas, a critical period for maritime traffic. Not only did DP World Australia suffer the consequences, but the repercussions extended to thousands of businesses.
3. Paying a ransom to restore systems
In some incidents, the inability to use corporate IT systems is not because the company has switched them off to contain the attack but because the malicious actors have taken control of them.
Thus, the American Radio Relay League (ARRL), a non-profit organization that brings together US amateur radio stations, suffered a large-scale cyberattack that affected its cloud and on-premise systems. Its computers and servers were rendered unusable. The hostile actors used ransomware. It should, therefore, come as no surprise that they offered ARRL access to decryption tools and prevented the data obtained from being made public in exchange for a ransom payment.
At the end of August, the organization acknowledged paying $1 million in ransom, a practice strongly discouraged by law enforcement authorities and cybersecurity experts.
This incident is particularly interesting because it did not involve a large company but a non-profit organization. Why did the hostile actors target it if it lacked the financial resources to pay ransom in the millions? Thanks to its insurance money, they were counting on the organization to pay the ransom.
So, it should come as no surprise that attacks aimed at paralyzing a company’s activity are directed not only against large corporations or public administrations but also against SMEs or social organizations.
Incidentally, despite paying the ransom, ARRL has not been able to restore all of its systems months after the incident. This also warns the public about the effectiveness of accepting blackmail from cyber criminals.
4. Putting business continuity at risk in multiple sectors
The previous cases also allow us to visualize another of the aspects we must consider regarding cyber-attacks that manage to paralyze the activity of a company. No economic sector is safe.
At the end of August 2024, Halliburton, a company that provides drilling equipment and oil services to the world’s leading energy companies, reported a security incident that forced it to take its IT systems offline and impacted its operations worldwide.
Healthcare, industry, transportation, energy, communications… You don’t have to go far back to find examples in other sectors.
At the beginning of the summer, the Frankfurt University of Applied Sciences suffered a cyber-attack that impacted its day-to-day business. For example, online enrollment could not occur at a critical time for this activity because the systems were offline. The institution was also cut off from outside communication by email and telephone, and even the elevators stopped working due to fears of accidents.
5. When paralysis spreads through the supply chain
Given that most companies today rely on a variety of technology providers, we must keep in mind that paralyzing one company’s activity can damage thousands of organizations.
For example, in June, CDK Global, a company that provides management software to thousands of dealerships in the United States and Canada, suffered a cyber-attack that affected the operability of its software. As a result, many dealers had to revert to paper to market their vehicles and serve their customers’ needs.
Similarly, in some of the incidents we mentioned in the previous sections, there was also a replication of the effects of a cyber-attack on the supply chain. For example, given its relevance, the Halliburton incident reverberated throughout the global energy sector.
Similarly, a cyber-attack on Seattle-Tacoma airport, one of the most important airports on the West Coast of the United States, caused the check-in system to fail and many flights to be delayed for more than four days. This paralysis in activity had repercussions on the airlines operating at the airport, especially those that use it as a hub, such as Alaska Airlines and Delta Air Line.
We not only live in a fully digitalized world but also a highly interconnected one.
6. Million-dollar losses, reputational damage and legal disputes
What are the main consequences of cyber-attacks that put a company’s business at a standstill?
- Direct economic costs are associated with the investment that must be made to contain the attack and restore normality.
- Economic losses resulting from the paralysis of operations or their slowdown.
- The reputational damage undermines customer relationships and limits the company’s ability to attract new customers and partners.
- Administrative sanctions are applied if all the rules governing corporate cybersecurity are not complied with.
- Legal disputes with affected customers, employees or partners, especially in cases where confidential data is stolen in addition to paralyzing a company’s activity.
To all this, we must add the possibility that the paralysis of the activity of a company that operates critical infrastructures may lead to damage to people’s health.
7. Cybersecurity services to prevent, detect and respond to attacks
Given the severity of the consequences of malicious actors being able to cripple a company’s business, many organizations will be asking themselves, “What can we do to prevent these kinds of incidents?”
Companies have at their disposal a wide range of cybersecurity services that are designed to increase organizations’ defensive capabilities and optimize their attack detection mechanisms:
- Penetration testing services. To detect critical weaknesses affecting business assets that malicious actors can exploit.
- Vulnerability management. To manage vulnerabilities affecting corporate IT infrastructure throughout its lifecycle and prioritize mitigation.
- Emerging vulnerabilities service. To monitor the emergence of new vulnerabilities and act immediately to prevent zero-day attacks.
- Systems hardening. They allow the security level of a corporate technological infrastructure to be checked and propose improvements to increase its protection.
- Red Team services. Red Team professionals can design specific attack scenarios and test how an organization would respond to a security incident affecting its business continuity. In this way, the training of defensive teams can be improved, and valuable information can be obtained to improve the organization’s resilience to attacks.
8. Incident response is critical to avoid company paralysis
Beyond the relevance of the cybersecurity services we have just described, all companies need to have an incident response service to prevent paralysis of their day-to-day business. Or, at least, limit it in time and contain the attack’s impact.
The keys to proactive incident response
In this regard, opting for a proactive incident response with preparation is vital. Why?
- Cybersecurity professionals can respond to a cyberattack in less than 1 hour because they know the corporate infrastructure and have effective communication flows.
- Readiness assessments, compromise assessments, mock incidents, and threat analyses have been performed before an incident, providing invaluable information when responding to an attack.
- A comprehensive and customized incident response plan is available, which speeds up the deployment of measures to contain the attack.
- It is possible to understand the incident as quickly as possible, begin investigating it early, and identify the scope of the compromise to take appropriate action.
- Specific and customized measures are orchestrated to minimize the impact and proceed to expel the hostile actor from the corporate infrastructure. At the same time, we seek to ensure that it cannot re-compromise the company’s assets and that normalcy is restored.
- The information obtained during incident management is collected and analyzed to understand what happened and implement improvements to prevent a similar incident.
In short, cyber-attacks that manage to paralyze a company’s activity and damage its business continuity are the order of the day. No company, regardless of its size or sector, is free from them. Therefore, it is essential to have a proactive strategy to help prevent such incidents and manage them successfully if they do occur.