Cybersecurity Breach Results in $54M Loss in Earnings
When a cybersecurity professional says it’s cheaper to implement cybersecurity on the front end rather than the back end or after a breach, those words couldn’t be more accurate. You may have seen the thumbnail for this blog post and had a good chuckle. However, the story behind the thumbnail is no laughing matter for business owners. The thumbnail is what a CEO or CFO looks like after realizing they’ve lost $54 Million!!
Empire Company Limited (Empire), Canada’s second-largest grocery chain owner that operates Sobeys, Freshco, IGA, Farm Boy, and Safeway, announced a whopping $54 million loss due to a cybersecurity event. The article posted on Yahoo Finance goes into the breakdown of the cost.
In November of 2022, CBC reports, Empire acknowledged an “information technology system issue” disrupting some services, including filling prescriptions at pharmacies. It was also reported that “somebody higher up got an email and clicked a link they weren’t supposed to.”
This ransomware attack heavily impacted stores. Sobeys couldn’t order what they needed from warehouses, leading to “getting all kinds of weird stuff that we haven’t seen in decades.” Scheduling and payroll were impacted. Employees were paid and told that if they were overpaid, they’d have to repay that money to the company. There were also impacts on customers as well as food security concerns.
Besides not clicking links from people you don’t know or untrusted sources, the lesson in this example is information system contingency planning. Does your business have an information system contingency plan? Does your company have a strategy involving plans, procedures, and technical measures that enable the recovery of information systems, operations, and data after an unplanned disruption?
Information system contingency planning represents a broad scope of activities to sustain and recover critical system services following an emergency cyber event. Information system contingency planning fits into a more comprehensive security and emergency management effort, including organizational and business process continuity, disaster recovery planning, and incident management.
There are several types of contingency plans needed by an organization. Below are the plan types, purpose, scope, and plan relationship.
Plan Type | Purpose | Scope | Plan Relationship |
Business Continuity Plan (BCP) | Provides procedures for sustaining mission/business operations while recovering from a significant disruption. | Addresses mission/business functions at a lower or expanded level from Continuity of Operations (COOP) mission-essential functions. | Mission/business process-focused plan that may be activated in coordination with a COOP plan to sustain non-mission-essential functions. |
Continuity of Operations (COOP) Plan | Provides procedures and guidance to sustain an organization’s mission essential functions at an alternate site for up to 30 days, mandated by federal directives. | Addresses mission-essential functions at a facility; information systems are addressed based only on their support of the mission-essential functions. | Mission-essential functions focused plan that may also activate several business unit-level BCPs, Information System Contingency Plans (ISCPs), or Disaster Recovery Plans (DRPs), as appropriate. |
Crisis Communications Plan | Provides procedures for disseminating internal and external communications; means to provide critical status information and control rumors. | Addresses communications with personnel and the public; not information system-focused. | The incident-based plan is often activated with a COOP or BCP but may be used alone during a public exposure event. |
Critical Infrastructure Protection (CIP) Plan | Provides policies and procedures for the protection of national critical infrastructure components, as defined in the National Infrastructure Protection Plan. | Addresses critical infrastructure components that are supported or operated by an agency or organization. | Risk management plan that supports COOP plans for organizations with critical infrastructure and key resource assets. |
Cyber Incident Response Plan | Provides procedures for mitigating and correcting a cyber attack, such as Denial of Service (DoS), Distributed Denial of Service (DDoS), exfiltration, etc., which may be executed by a virus, worm, Trojan horse, or other malicious software (malware). | Addresses mitigation and isolation of affected systems, cleanup, and minimizing loss of information. | Information system-focused plan that may activate an ISCP or DRP, depending on the extent of the attack. |
Disaster Recovery Plan (DRP) | Provides procedures for relocating information systems operations to an alternate location. | Activated after major system disruptions with long-term effects. | Information system-focused plan that activates one or more ISCPs for recovery of individual systems. |
Information System Contingency Plan (ISCP) | Provides procedures and capabilities for recovering an information system. | Addresses single information system recovery at the current or, if appropriate, alternate location. | Information system-focused plan that may be activated independently from other plans or as part of a larger recovery effort coordinated with a DRP, COOP, and/or BCP. |
Occupant Emergency Plan (OEP) | Provides coordinated procedures for minimizing loss of life or injury and protecting property from damage in response to a physical threat. | Focuses on personnel and property particular to the specific facility, not mission/business process or information system-based. | Incident-based plan that is initiated immediately after an event, preceding a COOP or DRP activation. |
We are available to you and your company to discuss your organizational needs. Contact us for support developing and implementing contingency mitigations or other cybersecurity practices. Our team of cyber professionals is prepared to support you.