Keep Your Network Safe From the Double Trouble of a ‘Compound Physical-Cyber Threat’
A cyber attacker may strike while you're still reeling from a weather-related event or natural disaster. Here's a five-step plan to preserve business continuity and protect your network and data from this double trouble.
As if the escalating threat of a cyberattack or natural disaster alone weren’t enough to make businesses sweat, they also have a very real two-headed monster to deal with: a cyberattack purposely timed with a natural disaster or extreme weather event to prey on businesses and infrastructure when they’re especially vulnerable.
This phenomenon, a “compound physical-cyber threat,” where a cyberattack is intentionally launched around a heatwave or hurricane, for example, would have outsized and potentially devastating effects on businesses, communities, and entire economies, according to a 2024 study led by researchers at Johns Hopkins University.
“Cyber-attacks are more disruptive when infrastructure components face stresses beyond normal operating conditions,” the study asserted.
Businesses and their IT and risk management people would be wise to take notice, because both cyberattacks and weather-related disasters are increasing in frequency and in the cost they exact from their victims. In the US, cyberattacks have risen by 56% year-over-year in 2024, according to Check Point. At an average cost of almost $4.9 million per data breach in 2024, 10% higher than in 2023, according to IBM and the Ponemon Institute, the financial risk associated with a cyberattack is also growing.
It’s a similar story with the physical side of the two-headed monster. Through October, the US already had recorded 24 billion-dollar weather and climate disaster events in 2024 at a total cost that’s expected to exceed $160 billion once damage from hurricanes Helene and Milton is fully tabulated.
In a risk-fraught landscape like this, now is the time for organizations to ensure their cyber defenses are sophisticated enough to protect their business operations, IT infrastructure, data and other assets from the disruption that weather-related disasters can invite, and the damage the two-headed cyber-physical threat can inflict. Follow these five best practices to guide you during the process:
1. ASSESS: Conduct a risk analysis to gauge your organization’s current level of protection. Your first step should be to evaluate the state of your company’s cyber defenses, including communications and IT infrastructure, and the cybersecurity measures you already have in place—identifying any vulnerabilities and gaps. One vulnerability to watch for is a dependence on multiple security platforms, patches, policies, hardware, and software, where a lack of tight integration can create gaps that hackers can readily exploit. Consider using operational resilience assessment software as part of the exercise, and if you lack the internal know-how or resources to manage the assessment, consider enlisting a third-party operational resilience risk consultant.
2. PLAN: Develop an operational resilience blueprint. Take what you learn from the risk assessment to develop a detailed plan that outlines the steps your organization intends to take to preserve cybersecurity, business continuity, and network connectivity during a crisis. Whether you’re a B2B or B2C organization, your customers, employees, suppliers and other stakeholders expect your business to be “always on,” 24/7/365. How will you keep the lights on, the lines of communications open, and your network insulated from cyberattack during a disaster? Your plan should identify and prioritize protective strategies for on-premises hardware and brick-and-mortar IT infrastructure (like data centers) as well as digital infrastructure. And because an organization’s risk profile will tend to shift over time, be sure to revisit that plan annually, updating it as needed.
3. SHIFT: Consider a move to the cloud. Aging network communications hardware and software, including on-premises systems and equipment, are top targets for hackers during a disaster because they often include a single point of failure that’s readily exploitable. The best counter in many cases is to move the network and other key communications infrastructure (a contact center, for example) to the cloud. Not only do cloud-based networks such as SD-WAN (software-defined wide area network) have the resilience and flexibility to preserve connectivity during a disaster, they also tend to come with built-in cybersecurity measures.
4. FORTIFY: Shore up your cyber defenses. Phishing, ransomware, third-party associate attacks—the cyber threats that businesses must protect against are growing more nefarious and persistent. And that means a business isn’t fully protected without multiple cyber defense layers in place. Those layers could include, for example, a next-generation firewall, zero-trust network access (ZTNA) and/or cloud access security brokers (CASBs). Even small and midsized businesses are putting measures like this in place.
In some cases, the risk analysis could suggest an even stronger security stance is warranted. Indeed, many businesses today are embracing a multi-layered, enterprise-level cybersecurity strategy that incorporates a software stack based in the cloud, such as SASE (secure access service edge) or SSE (security service edge) to secure all endpoints, users and applications on their network.
As a fully converged, cloud-based package that bundles network connectivity (via SD-WAN) with multiple security layers into a single managed service, SASE is perhaps today’s cybersecurity gold standard for a business. SSE is similar to SASE with one big difference: It’s network-agnostic, meaning it can be integrated with an existing network without requiring a shift to SD-WAN.
Also as part of the fortification effort, you may want to consider enlisting a third-party cybersecurity expert. As managed services, SASE and SSE come with a built-in expert who serves as an extension of your own internal IT and cybersecurity teams and a first responder should disaster strike: someone to integrate, configure, implement, monitor, update and troubleshoot the entire security package for you. That’s important nowadays, with IT teams running lean and challenged to attract and keep cybersecurity talent.
5. TEST: Conduct a simulation to stress-test your plan and your network. Now it’s time to see how your operational resilience plan, network and cybersecurity measures perform under simulated disaster and cyberattack conditions. Conduct a simulation (perhaps using incident simulation software and/or a third-party cybersecurity expert), then address any remaining deficiencies.
This final step is a crucial one, because the day soon may come when the dreaded two-headed monster tests your organization’s cyber defenses. Here’s hoping they’re up to the task.