Lessons Learned from the Skyrocketing Cost of Cyber Crime

Businesses worldwide faced a slew of challenges in 2021 – the main ones being COVID-19 and cybercrime.

The global pandemic forced many to shut their doors and have employees work remotely or from home.

Cybercrime also increased in frequency and sophistication. As a result, cyberattacks are now one of the fastest-growing crimes, costing businesses around the world billions of dollars and causing catastrophic disruption.

Furthermore, there’s been an increase in ransomware, malware, phishing, island hopping, and hyper-targeted nation-state attacks. For example, Japanese automaker Honda said their internal servers and production systems were hit by ransomware in June 2020. As a result, the company had to suspend some of its motorcycle and auto production.

Cost of Cybercrime

A new study from Iomart, a cloud computing company, found that large-scale breaches became even more of an issue last year. The number of data breaches in the first quarter rose by 273%, compared to the same time in 2019.

Emsisoft, a New Zealand-based security firm, estimated that in 2019, the cost of cybercrime was $3.5 billion in the U.S. compared to the UK, which lost $1.8 billion. However, the figure may be higher than that as some intrusions and exploits tend to go unnoticed.

As of last year, the average cost of a single data breach is $3.86 million, and it takes about 280 days from the time the breach is identified up to the time it’s contained. By 2021, damages from cybercrime alone are projected to reach a staggering $6 trillion globally.

Cybercrime costs include several factors such as stolen money, intellectual property theft, and damage and destruction of data.

When a company’s data is destroyed, they end up spending money, time, and effort trying to restore and fix the damage. They also have to reassure their investors that the incident won’t recur.

For example, hackers threatened to take over the computer network of Sapiens, an Israeli fintech company. The company believes the attack occurred when their staff started working from home. Eventually, they paid a $250,000 ransom in bitcoin to avert the crisis.

Similarly, the city of Florence, Alabama, got hit by a cyberattack on its computer network system. They also paid nearly $300,000 in bitcoin. The city of Torrance in California also suffered a ransomware attack that disabled its email, website, and financial system. The hackers demanded about $700,000 worth of bitcoin.

Iomart found that cybercrime dents a company’s value by 7.27%. A typical breach, they say, could be catastrophic for small businesses. For large companies, the data loss would range between 10 million and 99 million records.

Cybercriminals exploited the current confusion around the pandemic and the changed behavior as more people work and shop online.

Projected Cybercrime Costs for 2021

Experts predict a continued rise in cybercrime throughout 2021 and beyond. The increasing cost of cybercrime is compounded by the addition of more interconnected devices, which are expected to rise to 75 billion by 2025.

Ransomware is also projected to cost roughly $16 billion every single day. In addition, phishing attacks are increasing in sophistication as attackers try to outsmart the current cybersecurity measures.

By 2025, industries worldwide could end up paying more than $10.5 trillion per year for malicious exploits.

By nature, cybercrime is criminal, but it’s also one of the most significant economic wealth transfer mechanisms in history. It also has a more significant impact in any given year compared to the damage natural disasters inflict on the economy.

When you view these massive numbers from a different perspective, you get to see how big of a problem cybercrime and related attacks can be.

Lessons Learned from 2020

With all the realistic threats that lurk in the digital space, it’s imperative for companies to deploy best practices in cybersecurity to protect their data and other digital assets. Plus, companies need to do everything they can to avoid the burdensome financial costs associated with cybercrime.

While we can’t always prevent cyberattacks, we can learn from them and apply tangible steps to protect ourselves and our businesses. Here are some of the significant lessons we’ve drawn and how to build cybersecurity resilience.

Implement and Enforce Identification Policies

You may have a staff cybersecurity education program, but it may not match the threat risk to your business without stringent identification policies. If one person lets their guard down, cyber attackers can quickly achieve their goals.

For example, hackers used a phone spear-phishing attack on Twitter employees to obtain their credentials. Through social engineering, the perpetrators compromised Twitter handles of some recognized and highly regarded global personalities.

The hackers duped the followers of those accounts into sending $100,000 worth of Bitcoin, promising them double in return. Those who fell for the scam didn’t receive anything in return.

A similar social engineering plan was used against Magellan Health. The hackers exported data and launched ransomware, impacting 365,000 patients in the 2020 data breach.

The malicious actors used employee credentials to access the targeted server and then compromised patient and employee data in the process.

Magellan discovered the incident and quickly reported it to the FBI and other law enforcement agencies. They also retained a cybersecurity forensics company to help them conduct a thorough investigation into the breach.

These incidents are prime examples of successful cyber attacks. Subjecting employees to stringent identity verification and implementing multi-factor authentication systems helps prevent such attacks.

Use Robust Encryption Policies

Using strong encryption policies and ensuring they’re rigorously followed can reduce the harmful impact of cyber attacks on your organization if your data is exfiltrated or stolen. This can include encrypting anything from video calls to remote internet connections.

For instance, when Marriott suffered its second significant data breach since 2018, the hackers accessed personal details of about 5.2 million hotel guests. The information taken included names, phone numbers, birth dates, addresses, and airline loyalty details.

The hackers accessed the data in mid-January, but the hotel was alerted to the incident at the end of February.

MGM Resorts suffered a similar breach where personal data on over 10.6 million guests was shared on a hacking forum.

The details included names, phone numbers, email and home addresses, and birth dates for celebrities, reporters, FBI agents, government leaders, and employees of major companies.

Zoom also experienced data breaches as people flocked to the video conferencing platform in 2020. With such dramatic, explosive growth, the company experienced several security incidents that saw hackers obtain user data and sell it on a dark web forum.

Zoom codes were easy to guess, and users could Zoom bomb meetings and interrupt or share inappropriate content.

All these big companies were affected by security failures involving data both at rest and in transit.

Using robust encryption policies and ensuring they’re adhered to can help reduce the harmful impact of data loss through breaches.

Practice Strong Data Hygiene

Ransomware attacks have the goal of harming a company’s reputation or getting a large financial payout.

In the case of Magellan Health, the patient records were almost inaccessible, making it a critical, life and death situation.

Finastra, a company that provides software solutions for financial institutions, fell victim to a ransomware attack. The attack disrupted the company’s operations, causing it to disconnect the affected servers from the internet, albeit temporarily.

The firm has been known to have outdated equipment and security practices. This made it an easy target for cybercriminals.

With strong data hygiene and strong employee risk profiles, companies can rebuff these ransomware attacks.

Apply Aggressive Patch Management Programs

Cybercriminals target companies that lack patch management programs. That’s because any loophole provides an entry point for hackers to compromise the system and access your data.

Patch management procedures should be applicable, timely, leveraged, and applied appropriately. Continuous reviews are also critical in ensuring your company can defend itself from risks and vulnerabilities.

With a patch management program, you can mitigate and avoid ransomware attacks and similar situations.

Implement Blockchain and Cryptocurrency Solutions

The blockchain has become one of the most foolproof forms of digital transactions between two people or systems. This made it the perfect technology to build cryptocurrencies like Bitcoin on.

The blockchain ledger keeps transactions completely transparent and secure at the same time. This has led to cryptocurrency values skyrocketing. Furthermore, blockchain technology and cryptocurrency used for transactions can be applied to almost any industry to fight escalating cybersecurity attacks.

These can both be used to significantly reduce cyber threats for both businesses and consumers.

  • IoT Security: Edge devices such as thermostats and routers are increasingly being used by hackers to gain access to overall systems. These edge devices can have subpar security features making them the perfect target to compromise. By decentralizing the administration of these devices through the blockchain, each can make security decisions independently.
  • eCommerce Transactions: eCommerce is the biggest target for cybercriminals. One of the most significant issues for online retailers is when cybercriminals steal consumer credit card data to make fraudulent purchases. Ultimately, this leads to consumers reporting the fraud to their credit card company and the retailer losing the sale on top of inventory and labor costs. Cryptocurrencies, like Bitcoin, use the distributed ledger to confirm and encrypt each transaction.

Better Safe Than Sorry

Every company or industry that uses the internet is always at risk of a cyberattack. You can prevent and reduce these attacks by implementing the steps in the lessons above and by using the usual security software, like antivirus, antispyware, and firewalls, to keep out intruders.

The cost of cybercrime keeps growing every day, and it isn’t looking to slow down soon. Securing your systems from potential hacking attempts reduces your company’s risk of a cyberattack and helps you avoid paying the price of cybercrime.

Image Credit: Mikhail Nilov; Pexels; Thank you!

Matt Shealy

Matt Shealy is the President of ChamberofCommerce.com. Chamber specializes in helping small businesses grow their business on the web while facilitating the connectivity between local businesses and more than 7,000 Chambers of Commerce worldwide.