Businesses Fear Cyberattacks, Phishing During Hurricanes

Hurricane Florence could make companies vulnerable to cyberattacks as firms race to protect computer systems and networks ahead of the storm expected to hit the Southeast U.S. Friday, cybersecurity experts say.

Source: WSJ - Kim S. Nash and Catherine Stupp | Published on September 14, 2018

Reddit phishing attack

Corporate technology managers should expect more phishing attacks and intrusion attempts as cybercriminals target companies that are moving computers to fallback sites and switching on backup networking equipment, experts said. Employees, out of usual work routines and interacting with cybersecurity and technology staff they might not know, could be more susceptible to trickery.

“In an abnormal situation, you have different people involved, alternate ways of doing things and different technology,” said Dennis Devlin, a faculty member at the Institute for Applied Network Security and a distinguished fellow at researcher Ponemon Institute. “Every one of those introduces potential vulnerabilities.”

Cybersecurity infrastructure, including large systems for managing employee identities and detecting intrusions, tends to be more centralized than general data infrastructure, said Cory M. Mazzola, an executive fellow at the Tuck School of Business at Dartmouth College.

If floods, high winds and other hurricane effects take down a central cybersecurity system, a company’s data will be less protected, said Mr. Mazzola, who is a security operations executive at a Fortune 500 company.

“You might lose some critical tools that you need for the core mission of security,” he said. “If there’s a company that’s already a target for an adversary, [hackers] take the initiative now.”

Hurricane Florence, a Category 2 storm, is slow moving with maximum sustained winds of 125 miles an hour that is expected to make landfall in the Carolinas.

Choice Hotels International Inc. —which franchises around 150 Comfort Inn, Quality Inn and other hotels in the area—is advising employees there to avoid email as a primary means of communication. His team is encouraging direct messages and in-person communication instead.

“It might be as simplistic as they don’t have access to internet or it could be as concerning as cybercriminals targeting our employees during these times of crisis,” said Jason Stead, vice president for enterprise security, privacy and corporate IT at Choice Hotels.

Mr. Stead said he saw indications of cybercriminals increasing their efforts to target hotel employees during previous hurricanes.

After Hurricane Harvey last year, phishing attempts masked as donation campaigns were circulated on social media and over email. Choice Hotels has directed its security staff to pay special attention to hotels in the hurricane zone when they carry out centralized monitoring of the cloud-based technologies that all of its approximately 5,800 domestic hotels use.

The security staff adjusts criteria for monitoring suspicious activities during crises such as a hurricane, Mr. Stead said.

“If we see a number of unusual login attempts, we might during this period lower those thresholds so that we’re quicker in identifying potential issues before they even become an issue,” he said.

As companies shift technology operations to backup sites and issue emergency equipment, such as temporary networks or satellite phones, systems and data can be exposed, said Mr. Devlin, a longtime corporate security executive.

“Think of a crab shedding its shell. Moving from one to another is the most vulnerable time,” he said.