What Lessons Can You Take From the Cyber Attack on Vodafone Portugal?
On the night of February 7th 2022, Vodafone Portugal was targeted by hackers. With most of the network down and 4.3 million subscribers losing mobile service for several days, it was more than just Vodafone that felt the effects.
Businesses and emergency services, such as ambulance operators and fire departments, were unable to make calls or use the internet, while Vodafone scrambled to get back up and running.
In a statement on February 8th, Vodafone said this was “a deliberate and malicious cyberattack intended to cause damage and disruption.” Commenting on the bleakness of the situation, they added “unfortunately, the scale and seriousness of the criminal act to which we were subjected implies careful and prolonged work for all other services. This will be a recovery process that involves multiple national and international teams and external partners.”
Wondering why you haven’t heard about the Vodafone cyber attack yet? It didn’t get a whole lot of publicity, but this is exactly the kind of infrastructure attack that shows up in scenario planning for businesses.
Understanding the impact of such an attack and how businesses can work them into their BCP (business continuity planning) can minimise your risk of landing the same fate as Vodafone.
Working cyber attacks into your BCP
The best defence against these kinds of attacks is planning. Businesses of all sizes should carry out regular scenario planning to protect your IT infrastructure as well as the customers that depend on it. As more of our lives are spent in the digital space, threats are on the up - and even small companies with small amounts of data should tread carefully to minimise any vulnerabilities in cyber security.
Think about the potential cyber risks out there, how you’ll manage them, and the actions you’ll take to minimise any fallout if your business does become a target.
In your cyber scenario planning sessions, cover the following:
- Carry out a cyber security audit to identify your strengths and weaknesses
- Install firewall/anti-virus software
- Identify cyber threats (think about everything from password vulnerabilities to ransomware)
- Cover the motive and method of each threat
- Measure the risk level of each threat
- Lay out your risk management and risk treatment action for each cyber threat
We’re only scratching the surface here. Your BCPs should go much deeper than this to really arm your business against cybercriminals. But don’t stress: The IT Department is all over the cybersecurity world, and we can help keep your business and its data safe. Just get in touch.
What’s your response plan if you’re the target?
Not to overwhelm you here, but as a business, there are two response plans you need to think about:
- What if you’re the target?
- What if a service you depend on (like Vodafone) is the target?
In other words, while you can carry out your own cyber planning, what happens to third party businesses you depend on is out of your hands. If your phone or internet carrier is hit with a cyber attack and becomes out of use for a few days, what’s your back-up plan?
It took Vodafone days to restore all services, and we can only imagine the stress and chaos this caused both the commercial companies and medical services that relied on the mobile group. The majority of these types of cyber attacks can be prevented - as long as businesses are working them into their business continuity planning.