A single data breach in 2017 cost businesses an average of around $3.7 million. And, the total cost of cybercrime is expected to reach $2 trillion by 2019. One of the fastest growing attack types is via ransomware, which is expected to continue escalating in coming years. Even those with little to no programming skills can carry out these attacks, due in part to the easily acquired ransomware attack kits available on the dark web.
Small and Medium-Sized Businesses
Although media reports focus primarily on larger cyber-attacks such as the breaches at Target, Netflix, and JP Morgan, the most frequent threats have been to small and medium-sized businesses. Industry experts say that 60 percent of SMBs will fail within 6 months as a result of a cyber-attack. Furthermore, there are industries that appear to be cyber criminals’ favorites. According to the 2017 X-Force Threat Intelligence Index, financial services were the most-attacked, primarily through insider attacks. These are expected to increase for smaller franchised retailers this year, along with those businesses with distributed infrastructure.
Ransomware is the top threat to healthcare organizations. In 2016, this industry suffered at least one breach every day, affecting more than 27 million patient records to be sold on the darknet. The problem is, most healthcare facilities and organizations are vulnerable to these attacks because they aren’t equipped to ward them off. Many of these institutions have unpatched vulnerabilities in their operating systems, or are utilizing legacy hardware and software. Pacific Alliance Medical Center, based in Los Angeles, was hit by a ransomware attack in June 2017 that breached more than 266,000 patient records. And studies show that four of five U.S. physicians have experienced a cyberattack.
Government agencies hold a treasure trove of confidential information, including fingerprints, Social Security numbers, and more. Government servers and databases, unfortunately, have known vulnerabilities, resulting in larger amounts and volumes of attacks in recent years. In 2016, a hacking group called the Shadow Brokers breached the NSA, highlighting the common and problematic practice of gathering intelligence through bugs in commercial products instead of notifying the software companies who make the software. That ill-advised practice can potentially endanger billions of software users.
Energy networks are especially vulnerable to cyber-attacks, say security tech experts. Hackers can cause widespread power outages, undermining critical security and defense infrastructure, and endangering millions of citizens. Because hackers can gain control from close range or from long distances, they have the ability to access nuclear facilities, power grids, and power generation facilities around the world. Natural gas pipelines in both the U.S. and Canada are regularly targeted, and researchers in Oklahoma discovered that their wind-turbine facility could be hacked in less than one minute through a single lock on the door to gain access to their servers.
Over the last decade, universities experienced the highest number of cyber-attacks, with 539 breaches affecting around 13 million records. With all the information stored and added to a university’s registration office, it’s not surprising that hackers enjoy targeting their data-rich vaults. Two years ago, cyber-attacks in higher education institutions exposed 1.35 million identities. In 2015, both Harvard and Penn State experienced breaches, and several colleges and offices across their systems were affected. The year before, hackers stole identities from students at North Dakota University, University of Maryland, and University of Indiana. As years go on, the attacks are widespread and undiscerning, targeting student records from kindergarten through 12th grade.
Addressing the Issues
Attackers will continue to implement new techniques to exploit vulnerabilities resulting from failures to update software or implement two-party authentication, along with rudimentary components. Security protocols must be in place in the event a data breach occurs. Employee training is another key element in controlling breaches. If you have concerns about the security of your company or organization’s data, learn how you can stay secure with CDNetworks. Visit our website for more information.