Hacking is a growing and sophisticated industry. 2017 continued to see more and more breaches – many make the news – and there are many we never hear of.
The Wannacry ransomware hit hundreds of thousands of computers in over 150 countries in the first half of 2017 - particularly those running older versions of windows.
The Petya virus also attacked and crippled businesses – the most visible the pharmaceutical company, Merck, and cost them $135 million in revenue.
At least 14 million Verizon customer records were found on an unprotected Israeli server, exposing names, cellphone numbers, and account pins of clients.
Bell Canada had 1.9 million client records stolen, with an accompanying demand for ransom.
Virgin America had it’s employees user names and passwords stolen.
Deloitte, one of the biggest tax and consulting firms was hit by an attack where hackers accessed their administrative sites and gained access to their email system and client records.
And in an unprecedented breach of personal and financial data, Equifax was breached by a hack that impacted 145.5 million people.
In 2016, more big companies were hit – exposing data in major corporations including Wendy’s, Citibank, Dropbox, Yahoo, and public voter data from the DNC.
There are countless more in recent years that haven’t been reported, and the costs are skyrocketing.
According to the Ponemon Institute's 2017 Cost of Cyber Crime study, there has been a steady increase in the average global cost of cyber crime, with significant growth in the past 2 years. There was a 27.4% increase in 2017 alone.
Source: Ponemon Institute's 2017 Cost of Cyber Crime study
The dark web has opened up the opportunity for those that want to hack into systems. No longer do people have to have sophisticated skills to break into systems. They can buy the tools through a marketplace, or hire a hacker. Their identity can be anonymized in the deep web. They can pay through digital currency. Simply put, their transactions can’t be tracked. Just as you can purchase goods instantly on your favorite shopping sites today, hackers can anonymously shop in marketplaces for the tools and resources to break into your systems. Their transactions can’t be tracked and their damage can be significant and widespread.
To complicate matters, and increase the likelihood of a successful attack, there are now many more opportunities to break into systems. With the growth of wireless and mobile devices, wearable, and the internet of things there are even more access points. Distracted users open phishing emails. Wireless traffic gets exposed. More devices are deployed with fewer security protections.
And this market – with the easier access through the dark web marketplaces, and the increased exposure through internet connected devices – grows because its lucrative. Hacking can be monetized. And with money - criminals follow. A 2017 Carbon Black report, ‘Beyond the Hype’ shared research showing the major targets of cyber attacks.
Hacking hasn’t always been about money – historically hackers broke into systems because they could – many because it gives them a thrill – simple entertainment. Then there are those that believe they should – to show security gaps and to alert others that our data is not safe. These are your technical guys. But now that the potential for monetary gain is increasing, and the access to systems is exploding – the opportunity is ripe for the criminal element to attack. There are now well organized groups from around the world that break into systems for financial gain or to further a political agenda leveraging the dark web to communicate and coordinate – and attack your systems and steal your data.
Source: Carbon Black "Beyond the Hype" research report 2017
There are no limits to who is at risk from cybersecurity attacks. Utilities, government agencies, corporations, and individuals are all exposed. And now that the largest companies have more sophisticated strategies in place, smaller companies are even more at risk as hackers try to find softer targets. These worms and viruses spread fast – they can automatically replicate – hitting more and more sites – they can get into computers and scramble files – and they can be used to steal data, stop systems, and demand ransom. This malware can paralyze organizations and cost millions. According to the 2017 AT&T Global State of Cybersecurity survey, these attacks touch virtually every aspect of business.
To protect your data and your company you need to proactively design and implement a security strategy. This strategy should include the entire organization – as attacks can occur at any entry point. This strategy should begin with an assessment of your risks.
Who might attack you?
Do you know what normal looks like?
Could you spot an abnormality if it occurred?
Can you lock down your system in the event of attack?
Could you recover if your files were destroyed?
What’s an acceptable down time to recover?
Do you have the procedures in place to recover within that time?
You want to proactively prevent security attacks and save your company from losses. You can implement systems to protect your perimeter and prevent attacks from entering your environment, ensure you have antivirus installed and current on all endpoints, apply patches immediately, and limit what can run on your systems.
Your users should also be trained to spot potential attacks and respond and report accordingly. But as new methods attack systems, you must have a plan to respond if an attack happens.
Your strategy must be comprehensive, as your company is vulnerable at every possible entry point. All users should be involved in the solution to protect your business. The potential cost to your company of a cyber security attack is enormous – in addition to the costs associated with paying ransom or recovering from a breach – an attack can disrupt your business, damage your brand and reputation, and violate customer trust that you have worked so hard to build.
A 2017 study by Ponemon Institute showed that companies are increasingly putting more of their investments in detection and containment. This highlights a real opportunity for companies to make the right investments to protect from cyber attacks, and facilitate the reduction in costs for recovery - and ultimately to minimize the risk and impact of attacks.
Source: Ponemon Institute's 2017 Cost of Cyber Crime study
Thank you! Your submission has been received!
Hmm, it looks like something went wrong while trying to submit your form. Please check all fields and try again.