Shelly Palmer

Are We on the Brink of the First Cyber World War?

Yahoo recently reported the largest hack in history, WikiLeaks is releasing hacked DNC emails at an alarming rate, and according to NBC News “the Obama administration is contemplating an unprecedented cyber covert action against Russia in retaliation for alleged Russian interference in the American presidential election.” Are we on the brink of the First Cyber World War? Even if the current rhetoric just exacerbates unofficial nation-state-backed cyberterrorism, there is still a significant danger. Are you prepared to function offline? If not, it’s time for some serious business continuity planning, a few muster drills and, most importantly, a tactical approach to disaster recovery.

My Company Does All That for Me

Most well-run businesses have some version of a Disaster Recovery Plan (DRP). The concept has been around forever. But what is your personal DRP? What if you were locked out of your main email account? What if you did not have access to online banking? What if you could not get online? What if the location-based services on your smartphone would not function? No maps, no Waze, no Uber, no Lyft, etc.? Do you even own a paper map?

It’s Time

Not for nothing, I don’t think strong passwords are going to cut it anymore. It’s time to back up your computer and your smartphone and to do your best to safeguard your important files, pictures, recordings and videos (especially original material that cannot be replaced).

Quite a bit has been written about how to back up your data. I won’t rehash it here. The general theory is to have your data replicated in a couple of places. Services such as Dropbox, Box, Google Drive, iCloud, and the like all offer various versions of instantaneous synching between your local storage and the cloud. But most smart people also backup locally to an external drive with tools such as Time Machine (Mac) or File History and Windows Backup and Restore (Windows 10). A backup on a local, physical hard drive that is not connected to the public Internet is a very good idea.

If you’ve opted in to paperless billing, you should also consider printing out bank statements and any other financial or medical documents that you are likely to need if you are cut off from your cloud storage or if your files are maliciously erased.

I Can Always Access the Cloud

While it’s true that there are multiple ways to access your cloud services (Wired or wireless Internet at home or work, public WiFi, a friend’s Wired or WiFi connection, the 3G or 4G wireless networks, etc.), it is possible for a cyber-attack to damage or destroy both wired and wireless connectivity at the same time.

A natural disaster caused it to happen in New York City on Monday, October 29, 2012, during Hurricane Sandy. By midnight, power was knocked out below 39th Street – it did not return for a week. VoIP (Voice over Internet Protocol) phone lines stopped working as their battery backups drained. Even the old copper wire telephone network was down where the cables were submerged. Cell service was gone by late Tuesday evening and spotty (if you could charge your phone) until the end of the week. All VoIP phone communication was down by Wednesday. There was no Internet, no power, no water pressure, no traffic lights, no street lights, no basic social services – and Manhattan got off easy. The effects were much, much worse in the greater New York Metro and in New Jersey.

All in, it is estimated that Superstorm Sandy caused $65 billion in damages in the US alone. A cyber-attack wouldn’t destroy buildings or roadways, so you might think it would not be as costly. But that would depend on the extent of the damage and the duration of the event.

Data Doomsday Scenarios

I wrote an article in February last year entitled Data Doomsday Preppers, which was my reaction to the thesis of NatGeo’s “Doomsday Preppers” TV show. In homage to all of the cyber-tough-talk this week, let’s re-examine some of the data doomsday scenarios from my previous post.

Tomorrow morning:

None of this may ever happen. In fact, it probably won’t. What will happen is something no one has thought of (or prepared for). That’s the nature of a successful attack.

So back up your data. Practice a day offline. And make sure you know whom to contact, how to contact them and what to do when (not if) something unfortunate happens in our data-dependent, online world.