Bushfires and cyberattacks have a lot in common
The threat of a cyberattack is very much like the threat of a bushfire. And the effective response to both is very similar.
I was caught in the 2019 fires that approached and burnt the areas around Old Bar on the mid north coast. The fire came within 20 metres of our property; the timely intervention of water-bombing helicopters prevented any real damage.
During those few days I thought how much a cyberattack is like a bushfire and that the key to surviving either has a lot to do with prior preparation. Using the bushfire analogy, we will go through a cyberattack.
The bushfire season approaches
As the bushfire season approaches you will see coverage on making your preparations: tidying up around the property, removing combustible materials, etc. From a cyber security perspective this is your general system maintenance: make sure your operating systems and applications are patched and up to date. Now is the time to conduct a cyber security audit to identify the issues and gaps in your system. This is your fire plan. Install and set up the required cyber security applications and programs.
With hot weather comes fire risk, and if you are connected to the internet it is fire season. With respect to cyber security remember this – it is always bushfire season. Hackers do not take holidays or work to a season; the attacks and probes are continual and relentless.
Practice your plan and make yourself familiar with the equipment
To be effective in fighting a bushfire you need a plan, and you need to practice that plan – where are the hoses located, where is your protective clothing? In the context of information security this is ongoing staff training on cyber awareness. Run attack simulations to identify the staff who require further training. It is better to find out who needs extra instruction before a cyber event.
You see news of fires in other locations, some homes are lost
Once we are in bushfire season the news is filled with fires in other locations, and to you it all seems a bit distant and not something that will affect you. This is the state your organisation is constantly in, right now. Cyber events are occurring all around you in various organisations across the country. There were 249,448 reported scams in 2024 (www.scamwatch.gov.au).
Smoke on the horizon
Smoke appears on the horizon. It is a long way off, and you are safe as long as the wind does not change. You know, or hear of, someone who is affected by the bushfire: one of your old university friends tells you of a cyber incident that has occurred in their department.
Red glow on the horizon
The bushfire is now only a few kilometres from your location. A wind change will either send the fire towards you or away from you. In a cyber context this is where the hackers have turned their attention to your organisation and are looking for a weakness or entry point. If you have prepared your IT systems properly the hacker will find it difficult to gain entry and will move on to another target.
Embers start falling around you
The wind has changed and is now pushing the fire towards you. In a cyber context the hackers have gained access to your information and data and are looking for something of value and ways to extract that information to monetise it.
It is now too late to leave, or in the case of a cyberattack, too late to prepare.
The fire front arrives
At this point one of two things will happen:
- the house will catch fire – your confidential information is successfully exfiltrated and used by the hackers for financial gain.
- fire crews arrive and put the fire out before any real damage occurs – your security systems prevent the hackers from removing or accessing the information.
The fire event is very noisy and smoky. You cannot really see much and it is very difficult to breathe, and to think clearly for that matter. Here is where your cyber security planning and training come into effect. You and your staff will know exactly what to do and this will minimise the damage and cost to your business.
A well thought out business continuity and disaster response plan forms part of your cyber security plan. Where are you going to operate from? Do you have a backup phone system? (Your mobile can be used for both data and voice in an emergency.) In the midst of a cyberattack you could lose access to your computers and internet connection at your current location.
After the fire front has passed
You patrol your property and control any spot fires that may occur, checking for any embers that may still be able to cause a problem. This is the equivalent of monitoring audit logs and reports to ensure the intrusion has been dealt with effectively. Your cyber security IT partner will work with you to ensure there is no further damage and your information systems are secured.
Learn from the attack and move on. Interruptions to your ability to service your clients effectively can occur at any time. It could be a headline event like a bushfire, but equally, being caught at an airport with a delayed flight could have the same impact for you.
On a specific note about communications during a bushfire (or any natural disaster), the mobile phone network becomes saturated and you will find it difficult to connect to the network to make voice calls. Remember that in most instances power will be out, which removes the NBN and other services that are reliant on power. Texting/SMS continued to work, albeit in a delayed manner. Texts would go out and come in when bandwidth was available. Keep that in mind when making your disaster recovery plans.