SecurityBrief UK - Technology news for CISOs & cybersecurity decision-makers
Story image

Johnson Controls faces $27M loss after Dark Angels cyberattack

Fri, 20th Sep 2024

Cyberattacks have become an ever-present threat in today's interconnected world, with businesses of all sizes and industries increasingly targeted by cybercriminals.

Such incidents can cause significant damage and long-lasting repercussions. Kaspersky has examined the impact of cyberattacks on businesses, highlighting the various kinds of losses they can suffer if not adequately protected.

A primary concern regarding cyberattacks on businesses is financial losses. An illustration of the severe financial impact is the attack on Johnson Controls, a major player in the building technology sector. The company experienced a ransomware incident orchestrated by the Dark Angels hacking group. The attackers allegedly stole 27 terabytes of sensitive data and demanded a $51 million ransom. This breach resulted in disruptions to Johnson Controls' systems and over $27 million in damages.

The attack significantly affected Johnson Controls' operations, interrupting billing systems and increasing recovery expenses. As a globally operating company, the breach also had a profound impact on its business relationships and operations.

Cyberattacks often result in direct financial losses, such as ransom payments to restore access to data or stolen funds. Beyond these immediate losses, there are numerous indirect financial consequences. These may surpass the initial financial impact of the incident, leading to considerable long-term financial strain on the business.

Operational disruption is another significant consequence of cyberattacks. Businesses heavily depend on digital infrastructure for daily operations. A compromised system can lead to a decline in productivity. In severe cases, operations may be halted for days or weeks, causing lost revenue, lower service quality, and dissatisfied clients and partners. This can further damage the company's reputation.

Long-term financial impacts often follow a cyberattack. Businesses may need to invest in restoring systems, improving cybersecurity infrastructure, and managing legal issues. Additionally, rebuilding lost business and damaged customer relationships can take considerable time.

Reputational damage is another critical consequence. If customer data is breached, it can severely undermine the trust clients place in the business. This loss of trust can result in clients leaving and a prolonged decline in business. In extreme cases, a single breach can irreparably harm a company's public image.

Legal and compliance issues also arise from cyberattacks. Data protection regulations such as GDPR in Europe or HIPAA in the U.S. impose heavy fines for data breaches. Failure to secure sensitive customer or employee data can lead to penalties and lawsuits. Companies often face protracted legal battles following a breach, which exacerbates the financial and reputational damage.

For many businesses, intellectual property (IP) is a valuable asset. Cyberattacks targeting IP can result in the theft of product designs, marketing strategies, and proprietary information. This is particularly detrimental in competitive industries such as technology and pharmaceuticals, where IP theft can destroy a company's competitive edge.

"Attackers are never idle - they're like wolves who must be constantly active to catch their prey off-guard. So, companies need to be ever more alert and agile. They must be sure they have the right solutions and processes to allow for effective threat discovery and containment, as well as swift recovery," commented Oleg Gorobets, Security Evangelist at Kaspersky. He added, "At Kaspersky, we're deeply committed to delivering the agile security that businesses need. Proactive assessments and multi-layered protective solutions, plus managed security and actionable threat intelligence - we have it all. What's more, we have the expertise to put together the exact cybersecurity structure for your individual profile. Only a consistent and comprehensive approach, like this one, can ensure true business resilience against today's cyber risks."

Kaspersky has offered several recommendations to help businesses stay ahead of cyber threats and maintain resilience. These include using comprehensive next-generation security solutions, considering managed security services like Kaspersky MDR, regularly updating software, and setting up offline backups. They also suggest transforming the workforce into an additional layer of protection through security awareness programs and employing professional services to optimise IT security.

Follow us on:
Follow us on LinkedIn Follow us on X
Share on:
Share on LinkedIn Share on X