Counting the true costs of cyber-attacks on our systems.
Not a day goes by that the issue of cyber-attacks don’t arise in our daily life. Earlier this spring, political scientists in Israel published the first-ever experiments on the psychological effects of cyber-attacks, something that one of us ever consider the fall out on each and all of us.
The question posed was simple: do random acts of cyber terror increase feelings of anxiety, stress and panic in individuals?
Scientists at the University of Haifa, who conducted the study, found a rise in subjects’ levels of cortisol, the body’s stress hormone, when they experienced simulated cyber-attacks on computers and mobile phones.
“We definitely saw indications that cyber-crime results in feelings of insecurity, a rise in levels of threat perception and that, in turn, contributes to more militant political attitudes,” said one of the authors, Michael Gross.
While these experiments used a simulated cyber-attack on a few dozen subjects, the past year has seen three massive global cyber-attacks that crippled businesses of all shapes and sizes, infrastructure and public services including mission critical services such as doctors, hospitals and the NHS in the UK.
Each one was orchestrated, like an offline terror attack, to cause maximum disruption and panic rather than for financial gain. “Cyber-attacks are not benign. Even when no one suffers physical harm, the opportunity to cause anxiety and stress, instil fear and disrupt everyday life is immense,” the study reported.
In May, the WannaCry virus infected hospital systems, causing the UK’s NHS to cancel hospitalisations, operations and appointments. Last October’s Dyn attack brought down Netflix, Twitter, The New York Times and PayPal, among dozens of other internet services. One month later, the virus Bad Rabbitt attacked the PCs of readers to media based sites.
As Crisis Management consultants, we write about, and work directly with, companies and governments who struggle daily to cope with the fallout from a cyber-attack, but the longer-lasting impact on the human psyche has remained largely unexplored. Clearly, the anxiety prompted by cyber-attacks is different from that associated with “traditional” acts of terrorism that cause deaths and injury to civilians.
“Most forms of psychological suffering are not as intense, prolonged or irreversible as bodily injury or loss of life,” the Haifa researchers noted.
But they added: “Our analysis suggests that the psychological harm of cyber war can affect wellbeing nonetheless.”
Identity theft, online threats of personal harm and the disclosure of confidential data such as medical records can cause significant distress, impossible to fully quantify.
As cyber terrorists continue to up their game and become more sophisticated, attempts to disrupt infrastructure will, in future, lead to loss of life. For example, what happens if a cyber-attack coincides with a major incident such as a train being derailed?
So Government agencies have to learn fast.
Cyber-crime will soon become a physical threat to us. Critical infrastructure such as transport will become a risk to manipulation. Given the likelihood of further, more severe cyber-attacks, the question is how organisations and individuals can become resilient to the threat.
Gross contrasts it with real-life terrorism, where education and counselling are needed to aid recovery. “Perhaps governments provide digital safe rooms or back-up bandwidth in times of cyber crisis. Maybe even psychological interventions,” said John Roddy, a senior executive at Codec, an Irish IT company which is at the frontline of damage control, often helping clients after a cyber-crime.
He admitted that the corporate world was “in a state of urgency” when it came to dealing with the scale and virality of cyber-attacks. “The early 2000s was an era of mass cyber-crime, when viruses are released to disrupt with criminal intent. Today, with attacks like WannaCry and Bad Rabbitt we are entering the era of intelligence, moving from locks to surveillance to early detection.”
As professionals, we need to have faster and more efficient usage of smart strategies to help prevent cyber-attacks and minimise the impact they have on our work and our daily lives.