Behind the Hack: "Vodafone"

Company: Vodafone
Industry: Telecommunications
Date of attack: February 7, 2022
 
Quick take: On February 7, Vodafone Portugal was the victim of what the company described in a press release as a “deliberate and malicious cyberattack aimed at causing damage and disruption.” The attack had wide-ranging consequences, affecting the company’s 4G and 5G networks, TV, SMS, and digital answering services. 
Why it matters: The Vodafone attack is a reminder that cyberattacks in the telecommunications industry are among the most disruptive for consumers. Beyond the thousands of customers who were unable to get online, make calls, or use the compromised network for other purposes, one of Portugal’s largest banks reported that its ATM network (which uses Vodafone’s 4G service) encountered problems after the attack. This is an example of how interconnected digital systems are today – many industries (in this case, financial services) are reliant on telecommunications companies to maintain their basic operations. 
We’ve got a hack for that: The Vodafone attack reinforces several points that NINJIO makes frequently in our cybersecurity awareness training content. 
It’s important to recognize that a sprawling array of networks, systems, and organizations can be affected by a single cyberattack. Beyond the impact on the financial services industry in Portugal, emergency services and hospitals were also affected by the Vodafone attack. NINJIO episodes often emphasize the fact that a single attack can have vast (and even deadly) repercussions. Season 6, episode 9, titled “Safety In Numbers – And Letters,” opens with a story about pharmacies and clinics that can’t access critical health information in an emergency due to systems that were frozen by a cyberattack. 
According to Vodafone, the “scale and severity of the criminal act to which we have been [subjected] implies for all other services a careful and prolonged recovery … involving multiple national, international and external partners.” Significant disruptions like this demonstrate why NINJIO is focused on proactive cybersecurity education. In an upcoming report, we point out that many companies wait until after a cyberattack to adopt a more robust training platform, which can have devastating financial and reputational consequences. 
Companies have to ensure that their educational programs are proactively teaching employees how to identify and prevent cyberattacks, which will help them establish a cyber-aware culture.