What is the cost of cyberattacks?
Cybercrime is now considered to be the biggest threat to every business and organization connected to the internet.
…. and, that’s a understatement!
This invisible enemy which transcends geography, languages and political borders was responsible for approximately $3 trillion worth of commercial losses in 2015 and is forecasted to impact the global society to the tune of $6 trillion in 2021.
The cost of cybercrime is confirmed by hundreds of industry experts, media sources, universities, senior government officials, major tech and data security firms globally.
The true cost of cybercrime includes damage, theft and deletion of personal and business data, theft of intellectual property, fraud, embezzlement, disruption to productivity, restoration of hacked data and systems, and reputational damage.
The cost of damage is based on historical cybercrime figures, including year-on-year growth, a dramatic increase hacking activities sponsored by organized crime gangs and hostile nation states.
In 2017 CNBC published an article titled ‘Protect against the fastest-growing crime: Cyber attacks‘ citing that such attacks are increasing in size, sophistication and cost.
According to the New York Times, the Yahoo hack was calculated to have affected some 3 billion users, and the data breach suffered by consumer credit reporting agency Equifax affected more that 145 million customers – the largest publicly disclosed cyber-attack ever reported.
Such attacks, alongside the NotPetya, and more famously, the WannaCry cyber-attack back in 2017 were not only on a larger scale and more complex than previous attacks, but are also considered to be a “sign of the times.”
Robert Herjavec, founder and CEO at Security Services Provider, Herjavec Group, says:
“We are edging closer and closer to seeing Cybersecurity Ventures’ $6 trillion in costs attributed to cybercrime damages globally …DDoS attacks, ransomware, and an increase in zero day exploits are contributing to last year’s prediction becoming a reality.
It’s concerning that all of the hype around cybercrime – the headlines, the breach notices etc. – makes us complacent. The risk is very real and we can’t allow ourselves to be lulled into a sense of inevitability. We all have a role to play in how we protect our businesses from the accelerating threat of cybercrime.
According to Cybersecurity Magazine, there will be 6 billion Internet users by 2022 (75% of the projected world population of 8 billion) — and more than 7.5 billion Internet users by 2030 (90% of the projected world population of 8.5 billion, 6 years of age and older).
In the same way that street crime has grown in line with the worlds population, we are now seeing a notable increase in cases of cybercrime. And this is as much about the growing numbers of human and digital targets as it is the evolution of sophisticated online ‘weapons’.
Tech giant Microsoft estimates that volumes of online data will be approximately 50 times greater in 2020 than they were back in 2016.
According to global research firm, Gartner, more than half a billion wearable devices will be sold worldwide in 2021 – an increase of around 310 million compared with the 2017 figure.
Wearable devices’ not only include smartwatches and fitness monitors, but also blue-tooth headsets, body-worn cameras and head-mounted displays.
In a 2016 blog post titled ‘Forgotten passwords become history as authentication goes mobile‘, Bill O’Hern, AT&T’s SVP and Chief Security Officer wrote:
Today, everything requires passwords, pass codes, security questions, and user names … Imagine being able to skip this process entirely and sign in to your corporate network or a private database with only your fingerprint, or by clicking a button on your phone or smart watch.
Dismissing the popular theory that passwords are a dying breed, a report from market and intelligence firm Cybersecurity Ventures predicts that the number of passwords used among humans and machines worldwide will grow to 300 billion by 2020 – all of which will require cyber protection.
Furthermore, the report estimates that Fortune 500 company employees in 2020 will own an average of 90 business and personal accounts that will require log-in IDs and passwords – meaning they will collectively be managing approximately 5.4 billion passwords.
In an on-camera interview, report co-author and Thycotic Cyber Strategist Joseph Carson also told SC Media that the average individual will have to manage 60 to 90 accounts by 2020.
Considering we’re already half-way through 2020, it remains to be seen if these prophesies actually come to pass.
Gartner predicted that consumers will own 4.1zetabytes of content and put a third of it in the public cloud by 2016. And while you’re wondering “what the heck is a zettabyte?”, you might (or might not) be interested to know that according to other research by Nasuni three years earlier, in 2013 there was over 1 Exabyte of data stored in the cloud.
1024 Petabytes of data
1,073,741,824 Gigabytes of data
quintillion bytes of data
over 67 million iPhones worth of data
50,000 trees chopped down, made into paper and printed
in other words … a lot.
Dark and Deep: The World-Wide-Web’s BIG Brother
If you’ve ever wondered why “The Dark Web” is intentionally hidden from prying eyes and is not indexed or accessible by search engines, it’s simply because it’s used to conceal and promote abhorrent criminal activities.
Estimates put the size of the Dark Web at as much as 5,000 times larger than the “regular web” as we know it – and it’s growing at a rate that defies quantification, according to a report published by the Congressional Research Service.
A Startling Thought…
Just when you thought it was purely computers, phones and CNC machines that are among the targets of cybercrime, could you ever contemplate that hundreds of thousands – maybe even millions – of people can be hacked right now via their Wi-Fi connected, digitally monitored implantable medical devices (IMDs).
These devices include pacemakers, insulin pumps, cardioverter defibrillators (ICD), deep brain neurostimulators, and more.
There will be 45 trillion networked sensors in twenty years from now
~ Dr. Janusz Bryzek, Vice President, MEMS and Sensing Solutions – Fairchild Semiconductor
This will be driven by smart systems including Internet-of-Things (IoT), mobile and wearable market growth, digital health, context computing, global environmental monitoring, artificial intelligence (AI), hyper-imaging, macro-scopes, medical “labs on a chip”, and silicon photonics.
Our entire planet and its citizens are connecting up to the Internet – lock, stock and barrel. People, places, and Things. And here’s what’s so alarming… The rate of Internet connection is outpacing our ability to properly secure it.
Make no mistake, IT security spending is ‘on the up’, largely due to unprecedented damage caused by cybercrime. It’s victims include both private and public enterprises.
According to research from Gartner in 2017, worldwide information security spending was forecast to grow by 7 percent to $86.4 billion in 2018. Furthermore, global cybersecurity spending is predicted to exceed $1 trillion cumulatively over the following five years, from 2017 to 2021, according to Cybersecurity Ventures.
This forecast does not cover various cybersecurity categories including IoT, ICS (Industrial Control Systems) and IIoT (Industrial Internet of Things) security, automotive cybersecurity, and others.
Cybersecurity Ventures predicted global spending on cybersecurity products and services to exceed $1 trillion cumulatively over the following five years, from 2017 to 2021.
IT analyst forecasts remain unable to keep pace with the dramatic rise in cybercrime, the ransomware epidemic, the refocusing of malware from PCs and laptops to smartphones and mobile devices, the deployment of billions of under-protected Internet of Things (IoT) devices, the legions of hackers-for-hire, and the more sophisticated cyber-attacks launching at businesses, governments, educational institutions, and consumers globally.
Ransomware on the Increase
The US Department of Justice (DOJ) described ransomware as a new business model for cybercrime, and a global phenomenon.
Malware is any software intentionally designed to cause damage to a computer, server, client, or computer network. A wide variety of types of malware exist, including computer viruses, worms, Trojan horses, ransomware, spyware, adware, rogue software, and scareware.
It can infect computers and mobile devices, restricting their access to files, often threatening permanent data destruction unless a ransom is paid. Ransomware has now reached epidemic proportions and is the fastest growing form of cybercrime.
It is estimated that a business suffers a ransomware attack every 40 seconds. The FBI estimates that the total amount of ransom payments approaches $1 billion annually.
Cybersecurity experts and law enforcement agencies commonly advise organizations not to comply with demands for ransoms. While the numbers of ransom victims who pay bitcoin to hackers in hopes of reclaiming their data seems to be decreasing, the costs relating to ransomware attacks is literally going through the roof – and are predicted to exceed $5 billion in 2017.
Marc Goodman, author of the New York Times best-selling book Future Crimes, founder of the Future Crimes Institute and the Chair for Policy, Law and Ethics at Silicon Valley’s Singularity University, says:
“Ransomware is a game changer in the world of cybercrime, …It allows criminals to fully automate their attacks. Automation of crime is driving exponential growth in both the pain felt by businesses and individuals around the world, as well as in the profits of international organized crime syndicates.
According to Microsoft’s Global Incident Response and Recovery Team, the sheer volume of cyberattacks and security events triaged daily by security operations centres continues to grow, making it nearly impossible for humans to keep pace.
The global demand for experienced cybersecurity professionals will increase to around 6 million by 2019, according to some industry experts cited by the Palo Alto Networks Research Center.
Robert Herjavec says:
Unfortunately the pipeline of security talent isn’t where it needs to be to help curb the cybercrime epidemic, …Until we can rectify the quality of education and training that our new cyber experts receive, we will continue to be outpaced by the Black Hats.
Sectors in the cyber-criminal’s cross-hairs
One would expect that the primary target for hackers are banks and financial services firms. But in actual fact, the healthcare sector is top of the list for most cyber-attacks, according to the 2016 IBM X-Force Cyber Security Intelligence Index, which reports more than 100 million healthcare records were breached last year.
The report is based on data collected from thousands of network devices IBM monitor in over 100 countries.
According to a report by Forbes, the 5 most cyber-attacked industries in 2015 were:
Healthcare IT News reports the healthcare industry occupied the top 3 spots out of the 7 largest breaches which occurred in 2015, with Anthem, which hit Excellus BlueCross BlueShield being the biggest.
A PwC Health Research Institute analysis stated the estimated cost of a major healthcare breach is $200 per-patient record – which includes post-breach costs such as lost business due to reputational damage.
Conversely, the cost to prevent a breach is only $8 per-patient record. This provides strong motivation for healthcare institutions to spend more on preventing against cyber intrusions.
Cyber innovators around the world are working hard to develop cutting edge solutions to effectively combat and reduce cybercrime.
Cybercrime is a natural outgrowth of the ever-expanding cyber attack surface. This is to be expected. A realistic view of the threats and risks will help organizations and consumers to do a better job of protect themselves.
Almost half of all cyber-attacks are perpetrated against small businesses
A global survey conducted by the Microsoft Digital Crimes Unit last year showed two out of three people experienced a tech support scam during the previous 12 months.
91% of attacks by sophisticated cybercriminals start through spear phishing emails.
Cyber criminals are creating an average of around 1.4 million phishing websites every month with fake pages designed to mimic the company they’re spoofing.
The average size of distributed denial-of-service (DDoS) attacks is 4 times larger than what cybercriminals were launching two years ago — and more than 42 percent of DDoS incidents in 2017 exceed a whopping 50Gbps, up from 10 percent of cases in 2015.
Conclusion: what is the true cost of cyberattacks
Businesses and organizations need to have meaningful conversations with their internal tech support teams and external advisors concerning cybersecurity. It is vital that they identify how and where data is stored, how it is protected, and what processes are in place for data mapping and recovery of lost or damaged data. A full review of the company’s information security policy should be conducted.
To have meaningful dialogue between all parties, everyone must view cybersecurity as a top priority. Levels of awareness concerning the risks associated with cybersecurity should be assessed – and appropriate training should be provided where required.
It’s inevitable that the frequency and sophistication of cyber-attack attempts will continue to increase. Periodic reviews and ongoing education concerning the risks and methods that attackers are using is one of the most effective ways to prevent a data breach.
Sources & Further reading: