Why Severe Weather Events Act as a Welcome Sign for Hackers

Sep 8, 2022
Kenna Security

Share with Your Network

Just within the last month, record heat waves are roasting the west coast, deadly floods continue to pummel Pakistan, and states around the nation are beating back wildfires.  

There is no shortage of gut-wrenching headlines describing the latest catastrophic weather events. But as people watch on from the sidelines, a different kind of catastrophe is brewing—cyberattacks. True to post-pandemic norms, attackers are striking when organizations and communities are the most vulnerable, often after a natural disaster, which are in great supply. While Security and IT teams are distracted with evacuations, downed services, or managing their own personal safety, cybercriminals will swoop in and levy an attack in the hopes of capitalizing on weakened defenses or catching an unmanned environment.  

Patterns are starting to appear in storm-prone states like Louisiana and Florida that point to an increase in attacks following a hurricane. This is also true for landlocked areas that experience tornadoes or wildfires. With an uptick in the number of crippling natural disasters, attackers are having a field day.  

The cost of being caught unprepared 

As public entities become popular targets for cybercriminals, the widespread consequences of what happens when teams are caught unprepared is sinking in for many. Over this past Labor Day weekend, a ransomware group carried out an attack against the Los Angeles Unified School District, the second-largest school district in the nation. If it hadn’t been detected early on, the scenario would have caused massive disruption and inoperability for the district and its 40,000 students. In 2019, Albuquerque’s largest school district was forced to close for two days after a ransomware attack, costing nearly $18 million.  

But private companies aren’t immune to attacks that carry large-scale ramifications. IT environments and supply chains are becoming increasingly complex, upping the number of potential entry points for threat actors—and the number of impacted parties. One of the most famous examples in recent years is the Colonial Pipeline attack which locked up gas stations and distribution channels for days and resulted in a state of emergency for a brief period.  

Timing attacks to coincide with national holidays is a popular strategy since staffing is often thinned out during these stretches, leaving defenses weakened. This is why natural disasters act as a devastating welcome sign for hackers chasing down vulnerable targets. And the potential losses are immense, especially when public entities become the target; not only do the dire circumstances increase the price tag to take back control, but human lives are put at risk if emergency response systems are compromised.   

Top analysts underscore the need for resilience  

Earlier this year, Gartner released several ominous cybersecurity predictions for the near future, centered around how risk will shape our working world in the next two to three years. Considering the emerging trends between natural disasters and cyberattacks, two predictions stand out from the pack.  

Gartner predicts that by 2025, 70% of CEOs will establish a culture centered around organizational resilience to survive the heightened threat landscape. Beyond severe weather events, organizations will need to consider threats from increasing cybercrime, civil unrest, and geopolitical tensions. Traditional vulnerability or business continuity management won’t cut it in the fight against these future risks. Instead, organizational readiness and response needs to be coordinated across the entire environment, encompassing employees, leadership, customers, and vendors.  

Leveraging weather events to compromise data and wreak havoc on communities is the tip of the iceberg. Gartner anticipates that in two years, threat actors will be exploiting environments with the intent to cause human casualties.  

These sobering forecasts offer extreme caution as well as hope. Gartner underscores the importance of organizational resilience in the face of increasing dangers and the stark realities of the future. 

Invest in resilience to weather the storm 

Building security resilience is quickly emerging as a main priority for the public and private sectors. Business and security leaders view the ability to navigate unknown threats and change with confidence and bounce back from attacks as the key to ensuring long-term success. Security resilience ultimately provides protection and support for all other business-critical investments and assets, and is the linchpin to achieving organizational resilience. 

A recent PwC survey uncovered that risk management leaders are placing a strong focus on building resilience to better navigate the coming years. Of the Chief Risk Officers and risk leaders surveyed, 48% said they plan on improving collaboration along the main lines of defense, 44% are working to better their security posture, and 40% are working to evolve how their organization approaches risk on the whole.  

The PwC report highlighting these survey findings also points out that resilience is an enterprise capability, and demands company-wide synchronization to maximize the outcome. This means that company technology, culture, and collaboration should be aligned around risk. It’s no easy task, but the same PwC survey found that more and more roles outside Security and IT prioritizing cybersecurity risk, priming the pump for a resilience revolution. 

Navigate with confidence through rain or shine 

Weather-related events act as a great equalizer. Every organization, regardless of size, industry or resources, is faced with the task of survival and recovery. The last thing a team needs is to be attacked in such a vulnerable state. To ensure that doesn’t happen, you need to start laying the groundwork for a strong foundation of security resilience.  

Cisco recognizes this need and is poised to help organizations establish a flexible and secure framework for the future. To that end, Cisco is building a multi-cloud, enterprise-security platform to support flexible, open architecture that will help teams hunt down and assess threats, identify the vulnerabilities most likely to pose a risk to that organization, and speed up response times.  

We’re barreling toward a future filled with more unknown threats and ongoing disruption; a future that rewards the resilient.  

Explore Cisco’s vision for your security resilience.  

Read the Latest Content


Road Mapping Your Journey to Security Resilience

To help CISOs build security resilience, we’ve gathered essential resources that highlight best practices, expert insight, actionable tips. 

Public Sector Security: Making the Case for Going Risk-Based

Even with risk-based vulnerability management on the rise, public sector security leaders still need to make a winning business case.

From Gartner, a Future Defined by Risk and Resilience 

The Gartner Security & Risk Management Summit in Sydney revealed eight predictions made by leading cybersecurity experts.

© 2022 Kenna Security. All Rights Reserved. Privacy Policy.