Why Cybersecurity Threats Have Become More Dangerous
Cybersecurity threats are becoming more dangerous with global losses from cybercrime increasing 50 percent since 2018 with losses now exceeding $1 trillion.
“The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, SVP and CTO at McAfee.
The growing cybersecurity threats was a theme at the recently completed 6th Annual Aspen Cyber Summit.
“Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cybersecurity to the top of the government’s agenda. At the same time, corporate America and even the general public have awakened to the new array of digital dangers posed by nation-state actors and criminal organizations,” wrote Cynthia Brumfield who covered the Aspen Cyber Summit for CSO.
Hidden Costs of Cybercrime Beyond Economic Impact
McAfee and the Center for Strategic and International Studies (CSIS) released a global report last December, “The Hidden Costs of Cybercrime”, which looked at the significant financial and unseen impacts that cybersecurity threats pose.
“While industry and government are aware of the financial and national security implications of cyberattacks, unplanned downtime, the cost of investigating breaches and disruptions to productivity represent less appreciated high impact costs. We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents give the hundreds of billions of dollars of global financial impact,” Grobman said.
The McAfee and CISIS report found that:
- Global losses from cybercrime totaled over $1 trillion, up nearly $600 billion 2018
- Two-thirds of surveyed companies reported some kind of cyber incident in 2019
- Average interruption to operations at 18 hours; the average cost was more than half a million dollars per incident
- IP theft and financial crime account for at least 75 percent of cyber losses and pose the greatest threat to companies
- Damage to companies include downtime, brand reputation, and reduced efficiency
Greater Complexity, Interdependence Gives Attackers Edge
Government and industry experts at the 6th Annual Aspen Cyber Summit concluded that greater complexity and systems interdependence has given attackers the edge to do more widespread global damage.
“We’ve got this growing complexity and growing interdependence so the opportunities [for cybersecurity threats] are growing faster than we’re able to mitigate them,” said Window Snyder who has helped lead cybersecurity operations at Apple, Fastly, Microsoft, Mozilla and Square. “The core problem here is complexity and our interdependence. That is something that we’re not going to move away from because that is providing us flexibility and functionality and all these other critical functions that we need. We’ve got a growing problem.
Snyder was part of the Aspen Cyber Summit panel on “Monsters under the Bed: Demystifying Systemic Cyber Risk” along with Jay Healey, Senior Research Scholar at Columbia University, and Jonathan Welburn, Operations Researcher at the RAND corporation.
Growing Cyber Threats: Ransomware on the Rise
Welburn addressed the growing rise of ransomware attacks around the world such as the 2021 Colonial Pipeline attack which forced the largest fuel pipelines in the United States to go offline.
“I think that the ransomware attackers have found a perfectly successful illegitimate business model. Every time there’s a large-scale attack, we see that [organizations] issue a payment, and it solves the problem. It’s a really good advertisement for that business model.”
In the Colonial Pipeline attack, Russian-linked hackers demanded and received $4.4 million of cryptocurrency.
Hackers had gained access into the Colonial Pipeline network via a single compromised password that logged into the company’s virtual private network (VPN) that allowed remote network access for employees. The VPN account did not require multi factor authentication, which cybersecurity experts recommend.
Attack Surface Today is More Extensive for Cyber Crime
The attack surface today gives more opportunity for cyber criminals with a growing reliance on network-connected devices and a move to remote work and logins accelerated by the COVID-19 crisis.
The FBI saw a fourfold increase in cybercrime during the start of the COVID-19 pandemic with the bureau receiving between 3,000 and 4,000 cybersecurity complaints each day, up from an average of 1,000 complaints per day before COVID.
Internet of Things (Iot) and 5G wireless are gaining ground and could lead to more cybersecurity threats with new devices, many near users, coming online.
“A lot of these devices don’t have the amount of memory or storage or CPU capabilities [needed for security updates],” Snyder said. “It’s a huge opportunity for attackers. It’s very difficult for the people who manage these devices to be able to even inspect and recognize whether they are actually compromised or are using the code that we intended for them to run at deployment. That’s the big, hairy monster under the bed for me.”
5 Biggest Cybersecurity Threats Today
Security magazine wrote in February that “cyber threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices.”
According to the magazine the top five cybersecurity threats in 2020 were:
- Social engineering: Almost a third of breaches utilized social engineering with 90 percent of those phishing. Social engineering attacks can include phishing emails, scareware, and quid pro quo.
- Ransomware: Third most popular type of malware used in data breaches is ransomware, used in 22 percent of cases with an average sum of $1.45 million to rectify.
- DDoS attacks: There were 4.83 million DDoS attacks attempted in the first half of 2020 alone. Criminals are using AI to carry out these attacks.
- Third party software: As many as 80 percent of organizations experienced a breach originating from their third-party vendor ecosystem.
- Cloud computing vulnerabilities: Attempted breaches on cloud accounts grew by 250 percent from 2019.
Contact DCS today to find out more about how we provide reliable, scalable, high-performance connectivity to some of the largest data centers in the world.