Cybersecurity threats are becoming more dangerous with global losses from cybercrime increasing 50 percent since 2018 with losses now exceeding $1 trillion.
“The severity and frequency of cyberattacks on businesses continues to rise as techniques evolve, new technologies broaden the threat surface, and the nature of work expands into home and remote environments,” said Steve Grobman, SVP and CTO at McAfee.
The growing cybersecurity threats was a theme at the recently completed 6th Annual Aspen Cyber Summit.
“Over the past two years, the rise of big-ticket ransomware attacks and revelations of harmful software supply chain infections have elevated cybersecurity to the top of the government’s agenda. At the same time, corporate America and even the general public have awakened to the new array of digital dangers posed by nation-state actors and criminal organizations,” wrote Cynthia Brumfield who covered the Aspen Cyber Summit for CSO.
McAfee and the Center for Strategic and International Studies (CSIS) released a global report last December, “The Hidden Costs of Cybercrime”, which looked at the significant financial and unseen impacts that cybersecurity threats pose.
“While industry and government are aware of the financial and national security implications of cyberattacks, unplanned downtime, the cost of investigating breaches and disruptions to productivity represent less appreciated high impact costs. We need a greater understanding of the comprehensive impact of cyber risk and effective plans in place to respond and prevent cyber incidents give the hundreds of billions of dollars of global financial impact,” Grobman said.
The McAfee and CISIS report found that:
Government and industry experts at the 6th Annual Aspen Cyber Summit concluded that greater complexity and systems interdependence has given attackers the edge to do more widespread global damage.
“We’ve got this growing complexity and growing interdependence so the opportunities [for cybersecurity threats] are growing faster than we’re able to mitigate them,” said Window Snyder who has helped lead cybersecurity operations at Apple, Fastly, Microsoft, Mozilla and Square. “The core problem here is complexity and our interdependence. That is something that we’re not going to move away from because that is providing us flexibility and functionality and all these other critical functions that we need. We’ve got a growing problem.
Snyder was part of the Aspen Cyber Summit panel on “Monsters under the Bed: Demystifying Systemic Cyber Risk” along with Jay Healey, Senior Research Scholar at Columbia University, and Jonathan Welburn, Operations Researcher at the RAND corporation.
Welburn addressed the growing rise of ransomware attacks around the world such as the 2021 Colonial Pipeline attack which forced the largest fuel pipelines in the United States to go offline.
“I think that the ransomware attackers have found a perfectly successful illegitimate business model. Every time there’s a large-scale attack, we see that [organizations] issue a payment, and it solves the problem. It’s a really good advertisement for that business model.”
In the Colonial Pipeline attack, Russian-linked hackers demanded and received $4.4 million of cryptocurrency.
Hackers had gained access into the Colonial Pipeline network via a single compromised password that logged into the company’s virtual private network (VPN) that allowed remote network access for employees. The VPN account did not require multi factor authentication, which cybersecurity experts recommend.
The attack surface today gives more opportunity for cyber criminals with a growing reliance on network-connected devices and a move to remote work and logins accelerated by the COVID-19 crisis.
The FBI saw a fourfold increase in cybercrime during the start of the COVID-19 pandemic with the bureau receiving between 3,000 and 4,000 cybersecurity complaints each day, up from an average of 1,000 complaints per day before COVID.
Internet of Things (Iot) and 5G wireless are gaining ground and could lead to more cybersecurity threats with new devices, many near users, coming online.
“A lot of these devices don’t have the amount of memory or storage or CPU capabilities [needed for security updates],” Snyder said. “It’s a huge opportunity for attackers. It’s very difficult for the people who manage these devices to be able to even inspect and recognize whether they are actually compromised or are using the code that we intended for them to run at deployment. That’s the big, hairy monster under the bed for me.”
Security magazine wrote in February that “cyber threats are getting more sophisticated and intense amid the increasing levels of remote work and dependence on digital devices.”
According to the magazine the top five cybersecurity threats in 2020 were:
Contact DCS today to find out more about how we provide reliable, scalable, high-performance connectivity to some of the largest data centers in the world.