Why You Should Be Paying Attention to the Increased Prevalence of Cyber Attacks
Discussions surrounding cybersecurity threats are becoming commonplace today. In the last few years, you’ve most likely seen the headlines detailing the high-profile incidents. According to statistics, hackers target more than 30,000 websites daily, with email accounting for 94% of malware attacks. As of March 2021, at least 20 million recorded breaches had already taken place.
The truth is that the above scenario depicts only what has been reported. Yet, many cases took place and went unreported. What’s more worrying is that many business owners aren't putting in the effort required to combat such threats. The disconnect leaves the industry exposed to cyberattacks.
Industry experts and analysts forecast a worrying trend that is going to cause harm to many organizations’ bottom lines and reputations. Failure to implement the right counteractive measures will mean that more and more enterprises and organizations will fall victim to cyberattacks.
Attacks That Shook the World Recently
2021 was one of the worst years for cyberattacks. The global pandemic was such a disruption to businesses that it created a good environment for hackers, phishing and malware, ransomware, worms, and other threats. As the world’s attention centered on the pandemic, it gave unauthorized users and software more space and time to carry out their crimes. Also, people in charge of monitoring cybersecurity may have been a little complacent. The following are some of the recent threats that shook the globe:
SolarWinds was allegedly infiltrated by Russian state-sponsored hacking software that affected nine federal agency networks and 100 private corporations in the U.S. The threat worked undetected for several months and affected more than 18,000 customers.
- Microsoft Exchange
Hafnium, a Chinese hacking group, took advantage of Microsoft Exchange vulnerabilities and accessed emails of at least 250,000 users globally and 30,000 organizations in the U.S.
- REvil Ransomware Demands
REvil, Russian ransomware, demanded $50 million from Quanta, an Apple supplier, $70 million from IT firm Kaseya, and $11 million from meat processor JBS. According to reports from IBM X-Force, REvil's profits from ransomware were approximately $123 million in 2020 alone. The attack also stole approximately 21.6 terabytes of data.
- Colonial Pipeline
Darkside, a criminal group, infiltrated Colonial Pipeline and shut down a main fuel supply system for the East Coast. The hacker group demanded a $4.4 million ransom to restore the systems.
- Microsoft's (Print Nightmare) Attack
Print Nightmare exploited Microsoft vulnerabilities in July 2021. The Windows bug, popularly known as 'Print Nightmare,' affected the Windows Print Spooler and gave multiple users using Windows 7 and 10 access to a connected printer.
Other notable attacks include:
- Log4j (zero-day) attack on Apache Log4j open-source library that's used by many vendors, including Twitter, Microsoft, VMware, Apple, and Amazon
- In 2020, Garmin's 2020 cyber-attack that cost the firm a whopping $10 million
- 2020 Cyberattack on CTW Global that cost $4.5 million
Why Smaller Organizations Lag Behind
Smaller organizations, just like their larger counterparts, are also at risk. However, most large enterprises have fully accepted and embraced the threats. They've set aside a budget and have a dedicated team of experts to focus on the issue. On the other hand, small businesses lag behind. Small enterprises often lack sufficient funds to continually upgrade technology. In addition, the cost of hiring staff whose role is to monitor any threats specifically may be a bit excessive for a small business.
Historically, reports focus on big enterprises. But data from Forbes shows that, in 2021, cyberattacks on small and medium-size businesses was 43% of the total. This is a pretty large number considering the smaller proportion it accounts for in the total market. Further analysis indicates that attackers prey on small businesses because of their laxity in implementing highly effective systems. Only 14% of the small enterprises have invested in top-notch security systems. The cyberattacks come in denial of service (DDoS), phishing, malware, Trojan, and man-in-the-middle.
Many small organizations believe that the losses will be minimal, and therefore only invest in the basic minimum. However, cyberattacks are not only about money lost. Exposing customers/clients' confidential and private information leads to a breach of trust. Many will leave the service provider for another, more reliable competitor.
One example of cyberattacks tainting the image of a company took place when customer accounts on Friend Finder, a leading online dating service, were breached, affecting up to 412 million users. Due to this, many opted for its competitors. Small businesses that store customer information as part of their business are always under threat.
Cyber threats will only continue to rise as our world becomes more connected, with most experts saying the U.S. is either just as vulnerable to cyberattacks or even more vulnerable today than it was five years ago. Hackers have also discovered that many small businesses have yet to take cybersecurity seriously, thus providing a good opportunity to attack. Most smaller businesses have yet to adopt any preventative strategies or have put weak mechanisms in place. In fact, just 5% of small business owners report cybersecurity to be the biggest risk to their business right now, according to a recent CNBC Small Business Survey.
For small businesses to truly prepare, they need to take more concrete steps to implement a cybersecurity strategy that includes things like installing antivirus or malware software and a virtual private network (VPN), strengthening passwords, backing up files, enabling automatic software updates and multi-factor authentication.
While these basic cybersecurity steps may seem like a no-brainer, they are costly to small businesses. However, failing to take cyber threats seriously puts both your bottom line and reputation at risk.