As the plague of cyber security attacks continues to grow in scale and complexity, experts such as Donald Toon of the UK’s National Crime Agency warn that it is no longer a matter of if, but when, the next significant cyber security attack will happen. Thus, he concludes, businesses need to start building their resilience now if they want to avoid and mitigate the serious financial and reputational consequences it can bring.
We’ve taken a look at the cyber activities over the past 12 months that have impacted businesses around the globe, and identified a few possible reasons why this is the time businesses like yours need to take extra care.
Cyber activities that have impacted business
Oil prices might be diving, but there is a new oil: data. Big data is huge not only in terms of volume but also in terms of the financial possibilities it can provide to a business. The enormous scale of the consequences of the 2013 Yahoo data breach, which was followed by the 2016 Uber breach and the 2017 Equifax data violation, only demonstrates that data is indeed a valuable target for cyber adversaries.
No wonder predictions are that hackers familiar with both its market value and its importance for businesses are likely to continue to target companies that gather, store and process data, be it proprietary or customers’ information.
However, the Information Security Forum, in its 2018 Global Security Threat Outlook, also points to other possible reasons why we might see a hike in these particular types of cybercrime activity. With new legislative changes such as GDPR (whose privacy standards are being exported worldwide), companies will have to pay enormous fines if they fail to protect their customers from data breaches.
The administrative fines for GDPR infringement range from 4% of global turnover to €20,000,000. If hackers were able to prove, by conducting a cyber attack, that a company had not implemented all the security measures needed to avoid one, then in a realistic scenario it would not only bring business continuity to a halt but also effectively erase the company from the business map through the fines it would have to pay to continue to operate.
Crime-as-a-Service
Based on the available information on the earnings of white-hat hackers, people who are employed legally to find system vulnerabilities, it can be assumed that criminals and states engaging in cyber wars must approach white-hat hackers with even better compensation to drag them to the dark side. The money incentive has a powerful effect on the expansion of a virtual criminal underground that welcomes “individual criminal entrepreneurs”, who are advancing their tools and malicious wares to sell them as services on the dark web. It is predicted that, in the not so distant future, this type of criminal activity will expand to new markets and eventually commoditize activities globally.
Weak supply chain management
2017 was not only the year of ransomware but also a year of some significant supply chain attacks. Last year was especially difficult for managed service providers (MSPs), which remotely manage customers’ IT infrastructure and which registered a large number of security incidents that disclosed commercially sensitive information about them and their clients.
Two software companies, MeDoc and CCleaner, had their products compromised, which resulted in their customers’ infrastructure being infected with malware upon downloading the software or updates. The attacks expose the perils of outsourcing various elements of a business’s infrastructure to MSPs, which, having links to thousands of customers worldwide, are an attractive target for hackers. The 2017 supply chain attacks revealed that malicious actors orchestrate such attacks to use them as a stepping stone to the intended end target. It is therefore vital for businesses that rely on third parties to work, whenever possible, only with companies that can either provide an NCSC certificate or demonstrate a strong security posture.
The increase in Internet of Things (IoT) devices
As communication channels grow in number, so does the ubiquity of the IoT devices that provide them. Although the market seems to favour tech gadgets, it is also true that, because these devices are manufactured at such a fast pace, many are sold to customers with inbuilt vulnerabilities that could become a source of security risk if connected to your company’s network. With so many unsecured devices, it is likely that their vulnerabilities will remain a target for hackers, who are able to exploit them without the user’s knowledge to conduct cyber security attacks, such as DDoS, with long-term negative consequences for the business.