Introduction
As I have mentioned in my previous discussions, the modern war of these days is cybersecurity attacks. Cybersecurity attacks can be significantly impactful to organizations on the public and /or private sectors. Instead of risking the thousands of soldiers to perform and assault attack against a specific government, the same attack could be performed to make an impact that might be equal if not more that the military intervention. Nowadays, the most trending topic in the world is the cybersecurity. According to the American Federal Bureau of Investigation “FBI”, protecting the United States against cyber-based attacks and high-technology crimes is one of the top eight priorities of the bureau (FBI Website, 2016). Recently in 2017, the Kingdome of Saudi Arabia has suffered from a number of cybersecurity attacks targeted to attack a number of governmental entities and major industrial companies in kingdom. Tasnee, the National Industrialization Company, a leading petrochemical company and one of the largest titanium producer in the world, was a victim of a vicious cyber assault.
WHAT HAPPENED?
In January 2017, Tasnee’s computers suddenly malfunctioned and company’s data was wiped clean. According to Symantec investigation, a leading company in cybersecurity, a known virus called Shamoon was deployed by hackers with an intent of not only destroying Tasnee’s computers but to sabotage the firm’s operations and trigger an explosion. Hopefully, with the grace of god the explosion did not take place due to a mistake in the attackers’ computer code. investigators believe that such an attack could successful take place again on other organizations as most probably hackers have realized the computer code mistake and they have fixed it by now to lunch another attacks (Perlroth & Kraus, 2018). Tasnee started working to recover its business and operations, but unfortunately, the same unexpected attack was lunched against Tasnee on August 2018.
TASNEE REMEDY PLAN
Unfortunately, Tasnee was not ready in both of the hackers’ assaults to defend its infrastructure of such attack. Although, a specific cost was not publicly announce to quantify the impact, however, Tasnee has paid millions of dollars to replace the damaged computers infrastructure, investigate what happened and implement recent technologies and technique to prevent such incident to happen again. Tasnee suffered around a complete year trying to reconfigure its systems by restoring the backup tapes manually, which was the only solution at that time. All system configurations and data were lost in the attack. In order to mitigate cybersecurity assault incident from happening again, Tasnee has engaged IBM and Symantec to investigate the incident and to revamp the entire cybersecurity standers with the organization. Tasnee has engaged with a number of information security firms to implement a security operation center, enterprise incident response, conduct periodic vulnerability assessment and penetration testing exercises (S, 2018).
CONCLUSION
Tasnee has learned a lot from this experience, but learned such lesson in the difficult way. If were a business manager, I would implement a number of measured to ensure such assault never take place in the same form and even if such thing happens, the firm is resilient enough to survive and walk out of this war with a victory. Implement a complete business continually management system as per the ISO 22301 standard. Implementing the latest concepts of the ISO 27001 information security management and significantly increase the cybersecurity awareness on the corporate level by conducting training sessions, sending emails and implementing phasing framework to educate end-users and to increase the incident response resilience. Lastly, implementing a complete crisis management program to ensure that Tasnee has the mitigating measures if such crisis occur in the future.
References:
- FBI. (2016, May 03). Mission & Priorities. Retrieved from https://www.fbi.gov/about/mission
- Perlroth, N., & Krauss, C. (2018, March 15). A Cyberattack in Saudi Arabia Had a Deadly Goal. Experts Fear Another Try. Retrieved from https://www.nytimes.com/2018/03/15/technology/saudi-arabia-hacks-cyberattacks.html
- S. (2018, March 15). Saudi Arabia Investigating Critical Infrastructure Cyberattack. Retrieved from https://www.securitymagazine.com/articles/88818-saudi-arabia-investigating-critical-infrastructure-cyberattack
No comments:
Post a Comment