Cybertheft, cyberattack, cyberweapons. These concepts of criminal activity are similar to those in the physical world, also illegal and financially damaging to governments, businesses and individuals alike.
Whether the cyberattack takes place to boycott an organisation, to steal valuable information, to make a political, religious or ethical statement, or to elicit a ransom, it is hugely disruptive to business operations and can be very costly. Companies affected by cyberattacks also suffer the scrutiny of the public eye, a possible huge fine for losing private customer data as well as the loss of clients as a result.
Last week, Verint, an American cybersecurity firm was hit with ransomware that affected their on-premise Email and Virtual Desktop Infrastructure. This very ironic example is proof that all businesses are vulnerable to cyberattacks, even those that we believe are the best prepared.
The most financially damaging cyberattacks
The WannaCry epidemic, known as the most widespread cyberattack, resulted in an estimated financial cost of $4bn to $8bn. It affected over 200,000 computers in 150 countries and impacted operations in railway networks across Russia and Germany, car manufacturers such as Nissan and Renault and even hospitals across the UK’s National Health Service.
The costliest cyberattack to date however, has been NotPetya. Also known as ExPetr, this is a ransomware encryptor disguised as a software update that moves around the web encrypting information, totally blocking accessing. This ransomware started by affecting banks, governments and even the Chernobyl plant in the Ukraine, then spread to Europe, hitting Danish shipping company A.P. Moller Maersk and UK advertising agency WPP amongst others and causing damage estimated at $10bn.
Bringing down the networks and power
With the evolution of the Internet of Things, the spreading of cyber bots has allowed for the creation of huge botnets such as Mirai. Mirai started spreading out by infecting older smart devices with no in-built antivirus and was then able to track and infect other devices. The creators of Mirai tested its capability in October 2016 by using the network of infected equipment to flood the DNS service provider Dyn with requests. Dyn could not cope and became unavailable and knocked other dependent services offline: Netflix, Paypal, Twitter, Spotify, Playstation Online and many more. This was a huge wake-up call for the world on the importance of cybersecurity.
It seems clear than no industry is safe from a cyberattack. In recent years, Marriot International (Starwood), Yahoo and the controversial dating site Ashley Madison, have all been hacked leaving costumer’s information and bank details exposed.
The shadowy world of cyberwarfare
Malware has even been written to attack the physical world. The Stuxnet worm, thought to have been developed by American and Israeli intelligence agencies, was introduced to an Iranian Nuclear Power plant, and successfully sent out commands to the centrifuges which sent them spinning at such high speeds that it physically destroyed them. The worm then (unintentionally we presume) made its way out into the wider world and targeted networks built on similar operating system stacks. Eventually over 200,000 computers were infected and 1,000 machines were physically degraded.
Even hacking business are at risk of a cyberattack, proving that no one is exempt from this type of crime. The Hacker Team is an organisation in Italy that sells espionage software to government and law enforcement agencies to combat terrorism. The Hacker Team were hacked in 2015 and lost their customers trust as a result. They have not been able to position themselves back in the market, proving that all a business needs is to have a gap in their system at any point in time, to become vulnerable and highlighting the importance of cybersecurity. The Hacker Team was recently acquired in a hope to rebuild it from scratch and get it back on its feet in a merger named Memento Labs.
Cybersecurity and the future
With the rising threat of cybercrime, new cybersecurity technologies have arisen. Tech experts predict that as artificial intelligence and machine learning technologies evolve, so will the hacking technology, meaning every business should be prepared no matter the size of the organisation or the industry.
Government laws are also evolving. Many countries are already in the process of creating new laws to protect individuals from data theft for example, creating legal responsibilities for all businesses and organisations.
In the UK, the law is dispersed across different regulations such as the Data Protection Act 2018 (GDPR), the Network and Information Regulations Systems 2018 (NIS regulations) the Privacy and Electronic Communications Regulations 2003 (PECR) as well as others. Whether they apply to your organisation or not, depends on the incident and nature of your business.
Whether it is by investing in the best cybersecurity software and personnel, the most important thing is to be aware of the risks and to proactively implement policies and procedures in advance of any incident.