What are the Physical Risks of a Cyber Attack?
Most of the news we hear surrounding cyber attacks concerns personal data and the GDPR. What is often overlooked, however, is the physical dangers of a cyber-attack.
Cyber-attacks that cause physical damage typically occur when a hacker gains access to a computer system that controls equipment in a manufacturing firm, refinery, power station or similar operation. Once the hacker gains access to an organisation’s machinery, they can then control that equipment to damage itself, other property, or in some cases harm employees.
Incidents can occur in a variety of ways, including phishing scams, internet exchange point attacks, breaches of unsecured and unencrypted devices, and even plots carried out by rogue employees.
Many experts cite power and energy sector organisations as the most at risk. However, any sectors where Industrial Control Systems (ICSs) are used. This applies to utilities, telecommunications, oil and petrol, petrochemicals, mining and manufacturing.
ICSs are open computer systems used to monitor and control physical processes as well as streamline operations and repairs. ICSs are not often designed with security as a primary consideration, which leaves them susceptible to attack. Furthermore, even if the attack doesn’t cause damage, the disruption alone can result in significant losses.
In August 2017, a Saudi Arabian petrochemical plant was hit by a cyber-attack that would have had devastating consequences. The attack was unique in that it wasn’t designed to steal data or money, instead, the hackers set out to sabotage their operations and trigger an explosion. If it hadn’t been for a mistake in the attackers’ code, an explosion would have been triggered remotely and not only would the plant have been destroyed but many employees could have died.
While an attack on this scale might be unlikely for your business, a cyberattack could shut down your operations by hijacking your systems. The last thing you want to find after such an attack is that your cyber insurance does not cover (fully or otherwise) an attack resulting in physical damages to tangible property.
While it’s important to speak with an insurance broker about your options, there are steps a business can take by themselves to protect physical assets from cyber-attacks.
1) Keep all software up to date
2) Back up files regularly
3) Look into security for ICSs
4) Train employees on common cyber-risks and what they should do if they notice anything amiss
To make sure you have adequate protection, speak to one of our specialist advisors who can review and tailor your cover to your specific requirements by requesting a quote through our website or phoning our team on 0330 1240730!