Cyber-attack is a general term given to any ongoing threat on a system. Threats can be from internal users who fall victim to a phishing attack, or they can be an outsider who finds a vulnerability in a web application and exploits it. Cyber-attacks are a primary concern for businesses that can lose millions in lost revenue, brand damage, and litigation costs should a threat successfully breach a system and steal data.
The Latest Cyber-Attacks
Every day, attackers focus on breaching internet resources. Compromises plague large and small businesses, but not every incident makes national news. Small businesses often don't consider themselves a target, but attackers know that small businesses lack the resources necessary to detect sophisticated attacks.
Here are a few of the latest cyber-attacks:
- The Alaska Department of Health suffered a data breach that exposed residential, financial, health, and personal information.
- Similar to the Mirai botnet, the Meris botnet attacked the security research publication, KrebsOnSecurity, and the Russian search engine, Yandex, with one of the biggest distributed denial-of-service (DDoS) attacks to date.
- The host provider, Epik, experienced a data breach after attackers gained access to a decade’s worth of information from their internal databases.
- The Dallas, Texas school district reported a data breach that allowed attackers to access student and employee personal information.
- A small Nevada food chain known for hosting gambling services reported that attackers installed malware on their systems and stole customer personal information.
The above five cyber-incidents occurred within a single month. That's not surprising when you consider that a new vulnerability is discovered every day, giving attackers the leverage necessary to steal data. No business should assume that it's not a target. Every business should prioritize cybersecurity to protect its digital assets and customer data.
The Biggest Cyber-Attacks in History
We're accustomed to reading about significant breaches that affect government agencies and millions of users. However, the reality is that more minor breaches are a daily occurrence; they just don't make the headlines. In fact, the past few decades have seen unprecedented cyber-attacks that taught their targeted victims the importance of cybersecurity.
Here are a few of the biggest data breaches in history:
1999 – NASA and the US Department of Defense. In 1999, NASA suffered a data breach when a 15-year-old hacker exploited a router vulnerability and stole source code for software used to control temperature and humidity for NASA’s space station. The breach caused 21 days of downtime and cost NASA $41,000.
1999 – The Melissa Virus. The first large mass-mailing macro leveraged Microsoft Word and Outlook to send email messages to all victim contacts. When these contacts opened the attached Word document, their contacts received the same message. The virus spread exponentially and cost $80 million worldwide.
2017 – WannaCry. Although ransomware was around for years before WannaCry launched, the world had never seen this level of sophisticated cyber-attack that quickly crippled business systems across the globe. It spawned several variants and continues to be the foundation for many ransomware attacks.
2017 – Equifax. After months of leaving outdated software installed on web servers, Equifax experienced a massive data breach when attackers exploited unpatched software and stole millions of consumers' financial and personal information. The carelessness on Equifax’s part cost them millions of dollars in litigation and reparations.
2020 – World Health Organization. During coronavirus research, attackers gained access to 25,000 email addresses and passwords for the World Health Organization and Gates Foundation. It’s unclear how attackers gained access, but it’s thought that it could have come from a phishing attack.
The Cost of Cyber-Attacks
The World Economic Forum’s Global Risks Report 2020 rates cyber-attacks as the fifth largest risk to organizations, with both impact and likelihood rated as “very likely” and “financially damaging.” Due to the pandemic, the cost of a data breach skyrocketed in 2020 from $3.86 million to $4.24 million, a record-breaking price for a data breach in 17 years. Stolen credentials are the most common target of a data breach, but cyber-attack targets have expanded beyond stolen credentials.
Digital crime and cyber-attacks increased by 600% “post-pandemic,” mainly because users now work from home and don’t have enterprise-level cyber-defenses on their personal devices. Worldwide, costs are estimated to skyrocket by 2025 to over $10.5 trillion globally, up from $3 trillion in 2015.
The costs associated with a cyber-attack are severe and can put a financial strain on an organization. Indirect costs to consider include:
- Revenue loss
- Downtime causing a loss of productivity
- Reputation damage leading to lower sales and constrained growth
- Business continuity issues
- Litigation and reparation costs
Examples of Common Cyber-Attacks
“Cyber-attack” is an umbrella term used to describe a digital threat. These threats use various exploits and vectors, but all of them cause downtime, data damage, theft, and malware installation. The type of threat determines the incident response steps necessary to eradicate the threat, but every breach requires the right experts to investigate, contain, and remove vulnerabilities.
Here are a few common threats that organizations should consider when defining their cybersecurity plan:
- Phishing: Email is the most common form of attack, but attackers also use text messages and voice calls to trick users into divulging sensitive information. A successful phishing attack can be avoided by using email security and filters.
- Malware: Any malicious code or executables on the network could open the organization to sophisticated malware attacks, such as ransomware. Attackers install malware using phishing attacks, malicious web pages, and USB devices.
- Man-in-the-middle (MitM): When users connect to corporate networks using public Wi-Fi hotspots, they open their devices to the risk of MitM attacks. VPN connections help stop these attacks.
- Distributed denial-of-service (DDoS): Administrators have no warning before a DDoS occurs, so its swift and sudden attack exhausts resources and causes downtime. Some cybersecurity systems detect a DDoS early during the attack so that administrators can react quickly.
- SQL injection: Malformed SQL statements injected into the input and sent to a database server can be leveraged to retrieve data, damage database objects (e.g., tables), and elevate permissions. Developers should always validate SQL input and avoid building queries from strings and user input.
When the pandemic changed how people work, the trends in cyber-attacks also changed. These changes exploit human error and the inadequate cybersecurity home users install on their computers. Phishing attacks continue to trend upward as one of the most popular vectors targeting users and tricking them into downloading malware or divulging their network credentials. These methods give attackers access to internal resources, making them difficult to detect when attackers appear to be legitimate users.
Users often work with their own smartphones and IoT devices, and these edge devices pose a threat to network security. Attackers know that antivirus likely runs on a desktop computer, but IoT and smart devices lack the same level of protection. Targeting IoT devices is a popular method for attackers. The largest DDoS attacks have stemmed from hacked IoT devices used to flood global networks with traffic.
Ransomware gives attackers a way to monetize their efforts. This malware attack is one of the most damaging to organizations because there's no method to reverse the payload. Ransomware encrypts data with cryptographically secure ciphers (e.g., AES-256), so organizations must restore backup data. Paying the ransom does not guarantee return of the organization’s data, so it can be devastating for organizations with poor backup strategies.
To prevent cyber-attacks, every organization needs a strategy. Strategies cover the infrastructure, software, policies, and training necessary to stop threats. No strategy can eliminate risk 100%, but it can reduce it significantly and provide ways for organizations to respond and recover quickly.
Here are a few ways organizations can prevent data breaches and downtime from attacks:
- Create cybersecurity policies: These policies usually require a professional so that every vector is covered. Policies tell administrators and employees how to handle specific attacks such as phishing, social engineering, spam, and physical threats (e.g., piggybacking).
- Penetration test software: Before deploying to production, always conduct a security review and penetration test of code to catch vulnerabilities. These vulnerabilities should be remediated before deployment.
- Offer company-wide security training: All employees should be trained to detect phishing and social engineering to report it rather than engage with attackers. Proofpoint security awareness training offers unique people-centric approach can reduce successful phishing attacks and malware infections by up to 90%. And our solution has been named a Leader by Gartner in its Magic Quadrant for 6 years in a row.
- Implement threat intelligence and monitoring applications: Most organizations use a SIEM (security information and event management) to help them analyze events and alert administrators to suspicious network activity.
- Deploy intrusion detection systems: An intrusion detection system (IDS) helps administrators detect and block potential attacks. These systems work with prevention systems to automatically block access should an attacker find a vulnerability.
- Keep frequent backups: Backups are the ultimate failover should ransomware or other malware damage data and applications. A backup strategy is a part of a good disaster recovery plan and improves business continuity.