Hacking is a growing and sophisticated industry. Over the past few years, companies have continued to see more and more breaches that result in ransomware, stolen IP, and exposed client records. Many of these incidents make the news – and there are many we never hear of.
Facebook has had a number of high-profile data breaches - from the Cambridge Analytica data breach in 2018 that caused the share price to drop by more than $100 billion, to the 540 million records that were publicly exposed on Amazon cloud servers.
Capital One announced in July 2019 that it had discovered a breach that compromised more than 100 million customers. The estimated cost of the breach was $300 million.
Marriott hotel group suffered a massive data breach that occurred between 2014 and September 2018. Hackers had access to guest information, including mailing address, email address, DOB, and passport number.
The WannaCry ransomware hit hundreds of thousands of computers in over 150 countries in the first half of 2017 - particularly those running older versions of Windows.
The Petya virus also attacked and crippled businesses – most visibly the pharmaceutical company Merck, which it cost $135 million in revenue.
There are countless more in recent years that haven’t been reported, and the costs are skyrocketing.
According to the Ponemon Institute's 2019 Cost of a Data Breach study, the consolidated average total cost of a breach in 2019 increased by 1.5 percent from 2018. In the six years since 2014, the average total cost of a data breach has increased by 12 percent, from $3.5 million.
Source: Ponemon Institute's 2019 Cost of a Data Breach report
The dark web has opened up the opportunity for those that want to hack into systems. No longer do people have to have sophisticated skills to break into systems. They can buy the tools through a marketplace, or hire a hacker. Their identity can be anonymized in the deep web. They can pay through digital currency. Simply put, their transactions can’t be tracked. Just as you can purchase goods instantly on your favorite shopping sites today, hackers can anonymously shop in marketplaces for the tools and resources to break into your systems. Their transactions can’t be tracked and their damage can be significant and widespread.
To complicate matters, and increase the likelihood of a successful attack, there are now many more opportunities to break into systems. With the growth of mobile devices, wearables, and the internet of things there are even more access points. Distracted users open phishing emails. Wireless traffic gets exposed. More devices are deployed with fewer security protections.
And this market - with the easier access through the dark web marketplaces, and the increased exposure through internet-connected devices - grows because it's lucrative. Hacking can be monetized. And with money, criminals follow.
Hacking hasn't always been about money - historically, hackers broke into systems because they could - many because it gave them a thrill. Then there are those who believe they should - to show security gaps and to alert others that their data is not safe. But now that the potential for monetary gain is increasing, and the access to systems is exploding, the opportunity is ripe for malicious actors to attack. There are well-organized groups from around the world that break into systems for financial gain or to further a political agenda. They leverage the dark web to communicate and coordinate - and attack your systems and steal your data.
Source: Carbon Black "Beyond the Hype" research report 2017
There are no limits to who is at risk from cybersecurity attacks. Utilities, government agencies, corporations, and individuals are all exposed. And now that the largest companies have more sophisticated strategies in place, smaller companies are even more at risk as hackers try to find softer targets. Worms and viruses spread fast: they can automatically replicate, hitting more and more sites; they can get into computers and scramble files; and they can be used to steal data, stop systems, and demand ransom. This malware can paralyze organizations and cost millions. According to the 2017 AT&T Global State of Cybersecurity survey, these attacks touch virtually every aspect of business.
To protect your data and your company you need to proactively design and implement a security strategy. This strategy should include the entire organization – as attacks can occur at any entry point. This strategy should begin with an assessment of your risks.
Who might attack you?
Do you know what normal looks like?
Could you spot an abnormality if it occurred?
Can you lock down your system in the event of attack?
Could you recover if your files were destroyed?
What’s an acceptable down time to recover?
Do you have the procedures in place to recover within that time?
You want to proactively prevent security attacks and save your company from losses. You can implement systems to protect your perimeter and prevent attacks from entering your environment, ensure you have antivirus installed and current on all endpoints, apply patches immediately, and limit what can run on your systems.
Your users should also be trained to spot potential attacks and to respond and report accordingly. But because new attack methods keep emerging, you must also have a plan to respond if an attack happens.
Your strategy must be comprehensive, as your company is vulnerable at every possible entry point. All users should be involved in the solution to protect your business. The potential cost to your company of a cyber security attack is enormous. In addition to the costs associated with paying ransom or recovering from a breach, an attack can disrupt your business, damage your brand and reputation, and violate customer trust that you have worked so hard to build.
A 2017 study by Ponemon Institute showed that companies are increasingly putting more of their investments in detection and containment. This highlights a real opportunity for companies to make the right investments to protect from cyber attacks, and facilitate the reduction in costs for recovery - and ultimately to minimize the risk and impact of attacks.
Source: Ponemon Institute's 2017 Cost of Cyber Crime study