Online attacks no longer affect just digital businesses – they have real world ramifications.
Much of the focus around the impacts and effects of cyberattacks is paid to the way it can change a business and the way it works. But there are more significant knock-on effects that we should be wary of – and ones that the average public are all too conscious about.
Almost nine in 10 people surveyed by Armis, a security platform provider, believe that cyberattacks on critical services, such as oil suppliers, healthcare services, police departments or water treatment facilities, could have a major impact on everyday life.
Those reactions are stoked by the revelations coming out of the cybersecurity world, and the way in which online attacks are having offline ramifications. After hearing about the cyberattack on Florida’s water treatment facility, nearly half of respondents said they thought about, or did, stock up on bottled water. Similarly, 42% thought there would be long term implications to the US fuel supply following the ransomware attack on the Colonial Pipeline last month.
Online worries turn to offline fear
“It is clear from this study that cyberattacks are impacting the UK working population, so much so that some would even consider stocking up on bottled water as a result,” said Andy Norton, European cyber risk officer at Armis.
“With cyber gangs unrelenting in their advances, they are showing no mercy when it comes to potential targets – even when it comes to critical services that the public relies on. Therefore, these organisations should make cyber resilience a number one priority for the time-being; however, they certainly don’t have to feel helpless when doing so.”
The fear of online attacks bleeding into the offline world isn’t new. Academic research has shown how two UK-based cyber incidents – an attack against Lloyds Banking Group and the infamous WannaCry attack, which affected the UK’s National Health Service, both of which were launched in 2017 – affected the behaviour and attitudes towards risks of people after the event.
Fool me once, shame on you
“Victims of fraud and computer misuse who have been victimized before might take measures to avoid becoming a victim again in the future,” said Maria Bada of Cambridge University and Jason Nurse of the University of Kent.
“The vast majority of victims of fraud and computer misuse have only been victimized once, with only a small proportion saying they have suffered two or more times. Statistics support this claim indicating that users can be quick to learn from their mistakes when they become victims of computer crime.”
More concerningly, people had real world fears following the WannaCry attack because of the way they recognised that incursions weren’t simply limited to the online world anymore.
WannaCry was a precursor to the world we have today of constant attacks on infrastructure that don’t just affect the internet and those on it, but people who have no tangible digital connection to the victims of the attack.
“The psychological impact of WannaCry was significant,” said the UK academics. “For many it resulted in worry, anguish, disbelief, and a sense of helplessness.”
Of course, the key thing to avoid feeling hopeless and helpless is to not fall victim of any attack in the first place. That’s easier said than done, however. But there is some advice out there. “Have a plan in place, not just from an IT perspective, but also a communication one,” advises Norton. “Identify who internally – even if you call in a third party for help – will take charge of the situation if the worst should happen and who will make the important decisions.”
And once you have a plan in place, test it, Norton says.