Quite often when we think about hackers, we imagine there is someone looking to gain something of value from us. In response, we plan our computer and network security strategy with this in mind. For example, many attacks have targeted credit cards as companies like Target have learned about the hard way. Their breach cost them hundreds of millions – $200 million actually and counting. In other examples, companies find their files encrypted and are unable to work because of a CryptoLocker or other RansomWare virus which scrambles all their files until a ransom is paid. These attacks doubled in 2015 by the way. In fact, Kaspersky Lab’s experts found that in 2015, 58% of corporate PCs were hit with at least one attempted malware infection, up 3% from the earlier year.
All companies need to plan a proper cybersecurity strategy and doing so requires you to read sophisticated and voluminous documents from the FCC, FINRA and the SEC, among others. When you do, you realize that the first step in proper cybersecurity planning is to determine what critical information you have to protect. Typically, this includes credit card numbers, government IDs, strategic plans and other similar items. The next step is to analyze the threat to this information. Most come from competitors and politically motivated individuals.
The challenge is, many companies don’t take into account the politically motivated – a disgruntled former employee or other person with some agenda. This is why it’s worth noting the recent DDOS attack on Nissan’s website due to Japanese whaling policies. Anonymous took credit for incapacitating the website of the maker of the street racing legend, GT-R.
The point is, who would have thought that whaling and website uptime are correlated? Moreover, if they are, then anything correlates to anything else. A hacker might take down your website because your founder wore fur or your CEO drives a car with real leather seats, not the new vegan type from Tesla.
It’s probably not an easy thing to determine damage from such an attack if your site isn’t actively bringing in money which you can measure on an hourly basis but there is sure to be reputational damage here as well as some buyers going to another car company’s website and purchasing from them instead of Nissan.
As of this writing, the site was still down and it has been down for many hours.
The bottom line is training would have helped Nissan potentially avoid the highly damaging outage they are currently experiencing. No company is immune from these attacks and with more of your applications moving to the cloud, such outages could be devastating to your corporate productivity as well as your image and online sales.
Nissan USA was not immediately available to give a statement regarding the outage. Update:
“At Nissan, customer privacy and security is of utmost importance, and we take any potential threat to our information systems seriously. Because of a potential distributed denial of service attack, we are temporarily suspending service on our websites to prevent further risks. Nissan continuously monitors and takes aggressive steps to ensure the protection of our information systems and all of our data.”
Enjoy this video of Nissan GT-R passengers enjoying Launch Control
Disclosure: I am also CEO of a company which also provides cybersecurity services such as training, Anomaly Detection and Analytics which can reduce the likelihood your workers and management will become victims of an attack.