NEW YORK -

Using what a trio of economists from the Federal Reserve Bank of New York considered to be the most damaging cyberattack in history, they recently updated an in-depth examination of cybercrime while offering three suggestions that could benefit finance companies and other firms that are entrenched online.

Matteo Crosignani, Marco Macchiavelli, and André Silva from the New York Fed arrived at their assertions after reviewing the incident triggered by NotPetya, which was released on June 27, 2017 and targeted Ukrainian organizations in an effort by Russian military intelligence to cripple critical Ukrainian infrastructure and caused an estimated $10 billion in damages.

The economists also pointed to other cyberattacks to happen this year, notably the ransomware demands placed on the Colonial Pipeline, when compiling their suggestions in the report titled, “Pirates without Borders: The Propagation of Cyberattacks through Firms' Supply Chains.”

To wrap up the 44-page report that can be downloaded here, Crosignani, Macchiavelli and Silva wrote: “First, our results show the crucial need for better cybersecurity. This includes more compartmentalization of the network infrastructure, more scrutiny on the cybersecurity of third-party suppliers, and at least one backup facility that is offline at any time.

“Second, firms need to improve their risk management and contingency planning with the goal of continuing activities in the event that anyone of their suppliers is unable to provide goods and services. The resilience of a supply chain rests on having multiple options for each intermediate good or service, so that no single supplier is irreplaceable,” they continued.

“Third, the intelligence community should establish credible deterrence for cyber-aggressions of the magnitude of NotPetya, so that state-sponsored hackers at least have an incentive to put in place controls to make sure that the attack does not spread beyond its intended reach,” they went on to say.

In an accompanying blog post on Liberty Street Economics, Crosignani, Macchiavelli and Silva mentioned the critical part banks can play in handling cyberattacks.

“We also point out the role of bank credit in enabling affected customers to absorb the shock. Importantly, in this specific event, banks were not hit by the NotPetya cyberattack and could provide credit to firms,” they said. “A potentially more devastating scenario could have occurred had banks been hit as well, potentially making them unwilling or unable to provide additional credit.”