Tough Love: The Relationship Between Businesses and Cyberattacks

Production is up, profits are up, your new ICS Industrial Control system, which you installed last year, is working. Everyone is happy. Until one morning you come to work and your entire production line is down, shut, stuck like a broken-down car on the highway — you are going nowhere. Except this is far more serious because your business has just been taken over by hackers.r

You've been attacked, you've been hacked and your company is now in the hands of criminals. The fear, the uncertainty and the reality has just come to the surface and now panic and mayhem is just around the corner. You've realized that global inflation, recessions, supply chain issues and labor shortages are now the least of your worries because if you can't produce your goods, you essentially no longer have an active business.

This is the ever-increasing reality we have become accustomed to in the modern era where most manufacturers, factories, energy and industrial companies are controlling their businesses and processes by using Industrial Control Systems, such as SCADA systems and PLCs, for better functionality, to better operate and automate, keeping up with the demands of the modern world.

Industrial Control Systems (ICS) help manufacturers achieve consistent product quality across their entire production process. In simple terms, it can meet the demand for precise specifications and quality and to avoid human error. The upside of having Industrial Controlled Systems is that they massively improve efficiency, production and, therefore, the probability of increasing profits and, in most cases, staying two steps ahead of their competitors.

That's the upside. But with every upside, there are usually downsides. Today, it's the modern age threat to businesses and society in general. That threat is hackers and cyberattacks. And they are around every corner, looking, observing, exploring and exploiting cybersecurity weaknesses and employee vulnerabilities, ready to pounce on cybersecurity frailties. This is getting more common and is now a major concern for businesses.

What is the cause-and-effect relationship?

It's fair to say that there is definitely a cause-and-effect relationship here when it comes to the increase in cybercrime. Cyber criminals understand the low risk but high reward for targeting companies, which include phishing, ransomware, identity theft, illegal money requests (ransom requests) and, now, more sophisticated attacks, such as hacking into your network and effectively shutting down your plant, your e-commerce website, your chemical factory or the destruction of critical infrastructure.

A cyber criminal's low risk is that they hide behind a network but because they have the capability to cause huge damage, they know that they potentially can receive high rewards at low risk to themselves.

Picture this: You own a factory, nuclear power plant or a gas and oil company. What would you do as a CEO of a company to protect your business and its people? If it got shut down tomorrow by a cyber criminal, what would you do? You might do something irrational out of desperation and pay the hacker to give you back control of your business. Cyber criminals know this and will try to exploit you.

I want to give you some tough love because there are still many businesses that are not paying attention to their own cybersecurity vulnerabilities. I want to share with you a handful of cause-and-effect relationships related to cybercrime.

Ignorance (cause), lack of knowledge (cause), negligence, lack of care and diligence (cause), lack of cybersecurity awareness (cause), lack of willingness to protect the business (cause). As you can see, these are all causes that ultimately, cause hackers to hack into one's system.

The effect is the serious consequences of losing your business (effect), losing massive amounts of money (effect), loss of life due to damaged critical infrastructure (effects), loss of important confidential client data (effect), lawsuits from clients or vendors (effects), loss of business production costing companies millions (effects) and the loss of intellectual property (effect),

As you can see, the above are all examples of the cause-and-effect relationship of businesses being hacked. You might argue and say that this is just a theory. But it's not. Here are some real-life stats:

According to McAfee, cybercrime costs the global economy more than US$1 trillion, which is roughly 1 percent of global GDP.

By 2025, it forecasts that the global impact will cost US$10 trillion.

According to the FBI, in 2019 the cost to the US came to US$3.5 billion.

The average ransom demand is over US$100,000 and continues to grow each year.

And the threats are global. They are on your door stop, whether you care to admit it or not.

This data is free and readily available anywhere and I urge you to have a cybersecurity health check. Tough love is needed to enable you to have a prosperous and pain-free future.

As the old saying goes, be more concerned with what you don't know, rather than what you do know to avoid cyberattacks.