While it is possible for a cybersecurity attack to result in death, that doesn’t necessarily mean that was the intent behind the attack. But now we have a name for a newly emerging cyber threat where that is the intent, called “killware”. The goal of killware is as bad as it sounds – to cause death or physical harm.
And while cybersecurity attacks and data breaches have been linked to death or injury in the past – such as when a hospital is down during a ransomware attack and is unable to provide proper care to its patients – the intent of those attacks was still to extort the victim – in that example, the hospital – for money. The injuries were a byproduct.
But now, as we saw this past winter in Florida, physical harm isn’t a byproduct, it can be the goal.
In February 2021, a water treatment plant in Oldsmar, Florida was breached by a cyber attack. The hackers set out to contaminate the water supply by increasing the chemicals in the water to a level that would damage any human tissue it came in contact with. Fortunately, the attack was identified and stabilized before the unthinkable happened.
There are many reasons that this attack was frightening, but none more than the fact that this was not the kind of ransomware attack we are so accustomed to hearing about in the news. The data wasn’t held hostage, and no extortion payment was demanded. The goal wasn’t to secure a ransom, it was just to contaminate the water, and ultimately to cause physical harm. Hence, killware.
Authorities fear this is not the last we will see of a killware-type incident. As you can imagine, killware attacks could target our infrastructure systems, transportation networks, hospitals, and even our individual homes as we connect more and more of our devices and security systems to the internet. As we continue to automate aspects of our daily lives, such as through autonomous vehicles, we create an avenue for a possible killware attack.
This is a new form of cyber-terrorism.
Technological advancement isn’t going away, and instead will continue to develop at an exponential pace. And although the implications of killware are far worse than ransomware, mitigating the risk is still done in the same manner. Securing our technology is paramount. Beefing up your cybersecurity practices is not only critical to secure your organization, but also impacts your ability to secure comprehensive insurance coverage. Here are the highlights of today’s best practices:
- Multi-Factor Authentication (MFA) – Also known as two-factor authentication, MFA is used at the login process to validate a user by requiring two forms of authentication. A common scenario for MFA is when a username and password are required to access an application, but the user must also input a passcode received via text.
- Secured Remote Connectivity prevents unauthorized access to an organization’s information. And with the explosive shift to remote work since the start of the pandemic, securing your internet connection is more important than ever. Employing a virtual private network (VPN) at your home office, which is secured by MFA, is a great example of a cyber hygiene practice to secure your remote connectivity.
- Segregated Backups – If your network is compromised during a cyber incident and you back up your data on that same network, a bad situation just got worse. You can protect your data and potentially limit the impact of the attack by segregating your backup to a cloud-based server or offline location (ideally secured by MFA).
- Employee Training & Phishing Exercises – Frequent training is an effective and low-cost way to protect your business from a cybersecurity attack. By giving your employees the insight and tools required to better identify risk and fraudulent emails, you will also create a more cybersecurity-focused company culture.
- Cyber Incident Response Policies – Part of a comprehensive Disaster Recovery and Business Continuity planning initiative is a cyber incident response policy. This policy should include the steps to take in the event of an incident, a communications strategy, and the core team of internal and external stakeholders. And once it is complete, don’t forget to print it out in the event your network is compromised!
- Endpoint Detection & Response Tools – Next-generation anti-virus software and Endpoint Detection & Response (EDR) tools are critical to protecting your network endpoints, i.e., servers and mobile devices. EDR will continuously monitor endpoints, as well as isolate and prevent the spread of a cyber attack.
- Encryption on Data at Rest and in Transit – Data at rest is stored in databases; it is not data that is actively moving through networks. Encrypting data at rest protects it no matter where it is stored, for example, on an employee device. Data in transit – typically via email – should also be encrypted to prevent unauthorized access.
- Patch Management Programs – The process of making software updates that are required due to a bug or vulnerability is called patch management. A sound patch management program is a crucial component of a comprehensive cyber risk management program.
- Vulnerability Assessments and Penetration Testing – Identify weaknesses and flaws in your network with a vulnerability assessment and penetration testing.
- Supply Chain Risk Management – The partners you engage who access your data and network can make the difference between enhanced security and none at all. You are only as strong as the weakest link to your network or information. Protect your supply chain by working with third-party vendors and organizations that maintain strict cybersecurity practices. Have sound documentation identifying what access your partners have, and how that access is controlled. And review the contractual agreements to clarify who is responsible if something goes wrong.
While prevention is key, it is also vitally important to have proper insurance coverage in the event you still find yourself a victim of an attack. If injury or death occurs as a result of a killware attack, comprehensive cybersecurity insurance can provide the safety net your business needs.
The standard Cyber Insurance policy has an exclusion for bodily injury. But with the emergence of malicious killware, a cyber incident is more likely to result in injury or death. Insurance carriers are addressing a small part of this risk by adding explicit coverage, though typically limited to only a few hundred thousand dollars. It is important to understand how your other coverages may respond, such as General Liability, Product Liability, and more.
It may seem dystopian that we have to worry about this type of cyber attack, but unfortunately, this is the world we live in. When a true killware attack is initiated, the perpetrators have one goal in mind – to cause physical harm. And while this can be terrifying, just as with any risk, it can be mitigated by following the appropriate best practices, as outlined above, and securing comprehensive Cyber Insurance.