Business Solutions
  INCENTIVIZING INVESTMENTS IN CYBER SAFETY FOR BUILDINGS
LUCIAN NIEMEYER
CEO
Building Cyber Security
THE COLONIAL PIPELINE CYBER INCIDENT that shook the nation started with an e-mail received at 5:30 am on a Friday morning. Bad actors had found and exploited a weakness in the common information technology (IT) software for automated business operations, including the smart system between meters and billing software. The goal was to seize systems (including back-ups), quickly extract a reasonable bitcoin ransom, and quietly move on to the next business target. This had been going on for months with more than $90 million collected from all types of companies.
The unintentional consequences are now history– product stopped flowing, gas prices jumped, lines formed, citizens expressed outrage, the President vowed to implement protections, and even some called for military action–the absolute last thing the bad guys wanted. When the CEO of Colonial made the difficult decision to stop the hemorrhage of the product and to ensure the pipeline controls (i.e. valves, pumps, switches) were safe, it became a bad day for the bad guys as well.
Although the ransom was paid, Colonial’s systems took weeks and millions of dollars to recover. While the
6
forensic investigation is underway, one thing is clear– similar attacks are occurring in every business sector, with most of the victims remaining anonymous as
not to alarm investors or shareholders. The business model is ideal for bad actors to monetize a cyber vulnerability–very little expense, easy to deploy and a simple payoff. Every hacker, criminal or terrorist with a keyboard wants in, sometime with the protection
of host governments. And every business with cyber weaknesses are targets.
In 2020, ransomware attacks cost healthcare organizations nearly $21 billion and targeted more than 600 clinics, hospitals and organizations. Another global cybersecurity company reported that since January 2021, victims have ranged from the National Basketball Association, governments and schools to energy companies, international law firms, and automobile manufacturers. With damages from cybercrime expected to hit $6 trillion in 2021 (up from $3 trillion in 2015), the number of ransomware attacks will increase as more sophisticated and disruptive attacks promise bigger payoffs. Advanced technology in every part of society make it entirely possible that even your smart coffee