The Long Tail Impacts of Cyber Events
12–10–2024 (Tuesday)
Hello and welcome to The Intentional Brief - your weekly video update on the one big thing in cybersecurity for middle market companies, their investors, and executive teams.
I’m your host, Shay Colson, Managing Partner at Intentional Cybersecurity, and you can find us online at intentionalcyber.com.
Today is Tuesday, December 10, 2024, and while it’s tempting to just give you some of the relevant updates to what we’ve been covering on the show lately (Blue Yonder, Salt Typhoon, Transport for London, etc.) - that misses the bigger story here around the long tail of cyber events.
The Long Tail of Cyber Events
We have talked about this idea before in passing, but I think it’s worth focusing on this week because we’ve got some good, salient examples in different stages, industries, and impacts that might help you in your own planning and risk management approaches.
So, what do we mean by the “long tail” of these events?
Quite simply, it’s the idea that the impact extends far beyond whether a system is up or down, whether data is encrypted or not, whether the breach notifications have been filed. These impacts ripple out for weeks, and months, and quarters, and sometimes even years into areas that are often surprising, given our interconnected nature as both a society and industries / technologies.
The most direct way to quantify this long tail, of course, is financially - which is something we’re learning more about from the good folks at Transport for London, whom you may remember were attacked by a single 17-year-old in September.
In an update to their Board provided last week, they noted they have already “spent £5m on incident response, investigation and remedial cyber security measures in the past three months.”
As a result, “previous forecasts of an operating surplus of £61m had now been slashed to £23m, largely due to the financial impact of the security incident.”
The quantified impact is now exceeding £30m - and growing.
Meanwhile, here in the US, the ransomware woes at logistics firm Blue Yonder continue, with reports noting they are the victims of a new group of attackers known as Termite, a group who “uses a double extortion method, extorting victims for a decryptor in order to prevent the release of stolen data.” Others are noting that they are using a zero-day vulnerability in a set of popular file sharing appliances - with the potential to create even more impact.
For their part, Blue Yonder continues the pattern of obfuscation, noting in their most recent update only that: “We are aware that an unauthorized third party claims to have taken certain information from our systems. We are working diligently with external cybersecurity experts to address these claims. The investigation remains ongoing.” - now on Day 20.
For their part, the Termite group is claiming that they have 680 gigabytes of data, including databases, email lists, documents, reports, and insurance information, and will begin sharing it soon. So - it looks like things are going to get worse for Blue Yonder before they get better.
Others in the US are struggling, namely telecoms, as the impact of the Salt Typhoon breaches continues to be better understood. Reuters is now reporting that “The White House last week said at least eight telecommunications and telecom infrastructure firms in the United States had been impacted and a large number of Americans' metadata has been stolen.”
The point of all of these updates is that there’s always more to the story - more impact, more money, more cleanup, and that we should ensure that we’re planning for the scopes we’re likely to actually encounter. It’s common to think that an incident ends when the systems are back up, but the truth is far from that convenient. Plan accordingly.
Fundraising
From a fundraising perspective, we’re back in the middle of the pack with more than $8.8B in newly committed capital this past week, though the majority of that was from Temasek, the Singaporean sovereign wealth fund, which launched a private credit platform with a $7.5B initial portfolio.
The Wall Street Journal has a piece out noting that “Tapped Out Private Equity Investors Decline New Commitments” - largely as a function of their liquidity crunch - while the Financial Times is calling the $35B in US M&A that was announced JUST YESTERDAY “Merger Monday” and attributing it to the certainty we’re offered now post-election.
Regardless, I think we’re going to find ourselves in new markets, with new mechanics, in 2025 and beyond - and in this market, cyber resilience is going to matter even more.
With that, a reminder that you can find links to all the articles we covered below, and find back issues of these videos and the written transcripts at intentionalcyber.com. We’ll see you next week for another edition of the Intentional Brief.
Links
https://www.computerweekly.com/news/366616875/TfL-cyber-attack-cost-over-30m-to-date
https://www.cybersecuritydive.com/news/blue-yonder-data-leak-ransomware/734987/
https://blueyonder.com/customer-update
https://www.wsj.com/articles/tapped-out-private-equity-investors-decline-new-commitments-b2f16747
https://www.ft.com/content/01eb5105-bf2b-48dc-9aa5-00d470dcf908