In “Infrastructure under attack: The next ransomware wave” Infoworld explores the next wave of ransomware – attacks on infrastructure. It’s a very scary thought.
We’ve seen many attacks on medical facilities. At best, these attacks have been expensive and disruptive to these organizations. And, they have had the potential to threaten the lives of patients. Yet, these were not the most dangerous hacks, nor the hardest to deal with. Yes, they (hopefully temporarily) may have hidden important medical information about patients. But, they didn’t directly cause harm to the patients. And in most cases organizations were able to limp along and get back to normal operations fairly quickly.
What happens when your infrastructure gets hacked though? When the machines that do the work stop working or, worse, do the wrong thing? And what happens where they do the wrong thing but pretend to do the right thing? This is a nightmare scenario.
The tools are out there. Use them. Because as expensive as it is . . . it will much, much more expensive to deal with a successful attack. And the cost may not be just money.
Even with the false readings, it might not take too long for people to realize that something is wrong. But, it doesn’t take too long to do an enormous amount of damage. When you are talking about medical equipment, a half an hour could mean lives. Whether it’s the wrong doses of medication, heart pumps that stop working, radiation at the wrong levels, the possible effects are almost too horrible to contemplate.
Even outside of a medical setting, though, the implications are scary. The research in the article was done on water control systems. The researchers were able to simulate a situation where a hacker could literally poison all of the drinking water in an entire district by dumping unsafe levels of chlorine into the water. How do you recover from an attack like that?
Better yet, how do you prevent such attacks? While it may not be possible to totally prevent every attack, it is possible to greatly reduce your vulnerability. It takes real investment and a multi-factor approach. Some of the pieces are perimeter control, endpoint management, and segregation of networks all need to be covered in your plan.
The tools are out there. Use them. Because as expensive as it is to implement good security for your infrastructure, it will much, much more expensive to deal with a successful attack. And the cost may notbe just money.