Take a Look at the Visible Impact of a Cyberattack
To begin this chapter, I’d like to explore the impact that a cyberattack can have. To do this, we’ll take the fictitious example of an attack that took place at Everwell Hospital. Let’s take a look at the impact on the hospital teams:
Follow the Latest News on Cyberattacks
Cyberattacks don’t just affect hospitals. They affect all types of organizations:
whatever their size (from very small businesses to multinationals).
whether for-profit (businesses) or not-for-profit (NGOs, charities, foundations, etc.).
whatever their business sector (banking, industry, services, etc.).
whether they are in the public sector (government agencies, hospitals, etc.) or private sector (businesses).
Private individuals can even be affected, through the theft of credit card data or personal data through scams.
Organizations and individuals alike hold data that is highly valuable not only to themselves, but also to their commercial competitors and other third parties! Having access to this data means knowing confidential information (industrial, strategic or commercial trade secrets, personal data, financial data) and being able to use it to cause harm to the target (espionage, making money by reselling data, disclosing information that could damage the organization’s image). We’ll come back to what motivates attackers later in the course.
But why are cyberattacks increasingly making headlines?
Firstly, the number of cyberattacks is growing, not least due to the widespread and visible use of information technology by public and private organizations for their own needs and in their dealings with each other and private individuals.
The legal requirement to report any personal data leaks has also made cyberattacks more visible.
But most of all, they are more visible because of the major impact they cause:
Operational impact: the organization’s usual business operations are hampered or made impossible. This is what happens in a hospital when a ransomware attack makes it impossible to treat patients.
Reputational impact: the victim organization’s image is damaged—customers lose confidence, and may turn to competitors.
Financial impact: the victim organization may lose market share as a result of an attack.
Legal impact: some cyberattacks reveal a failure to comply with regulations and laws, such as the requirement to secure certain types of data. Failure to comply with these laws and regulations can lead to regulators imposing fines on the organization. For example, local authorities acting as data regulators may require a hospital that was hit by a personal data leak to pay a fine for poorly securing its IT system. The legal impact may also involve non-compliance with contractual commitments to third parties, such as customers.
Impact on people: an attack can affect the morale and physical well-being of some people. This is what happened at the Everwell Hospital, with patients experiencing stress due to postponed operations, and possible effects on patient health due to delayed treatment.
Let’s Recap!
In this chapter:
you discovered how a cyberattack on a hospital can affect its stakeholders.
you learned about the initial actions that internal teams take in response to a cyberattack.
you also gained an understanding of the significant and visible impact of cyberattacks on all types of organizations and individuals.
Now that cyberattacks are a fact of life, it’s time we learned more about them! See you in the next chapter to discover the world of the attackers!
