Ransomware & Data Theft are Rampant
The reflex answer to why data isn’t adequately protected is “cost.”
Yet, that answer is naïve.
Breached or ransomed companies pay inordinate sums to restore their data and restore their reputation. It’s a desperate act of survival. Obviously, the answer simply isn’t cost. A lack of protection stems from not knowing the tech, not experiencing the risk, and thus not appreciating the value of its protection. Once devastated by an attack, leadership feels it. And with that immediate and immense loss, they’ll pay inordinate sums to stop the bleeding and recover what they can from the damage that’s done.
The bottom line for organizations is to understand the environment, understand what’s at risk, and budget to effectively mitigate that risk. Data is valuable – protect it!
Federal Bureau of Investigation (FBI)
The FBI is the lead federal agency for investigating cyberattacks by criminals, overseas adversaries, and terrorists. The threat is serious—and growing. Cyber intrusions are becoming more commonplace, more dangerous, and more sophisticated. Our nation’s critical infrastructure, including both private and public sector networks, is targeted by adversaries. American companies are targeted for trade secrets and other sensitive corporate data, and universities for their cutting-edge research and development. Citizens are targeted by fraudsters and identity thieves, and children are targeted by online predators.
When it comes to computer and network intrusions, the collective impact is staggering. Billions of dollars are lost every year repairing systems hit by such attacks. Some take down vital systems, disrupting and sometimes disabling the work of hospitals, banks, and 9-1-1 centers around the country. Who is behind such attacks? It runs the gamut—from computer geeks looking for bragging rights, to businesses trying to gain an upper hand in the marketplace by hacking competitor websites, to hacktivists fighting for a cause, to rings of criminals wanting to steal personal information and sell it on black markets, to spies and terrorists looking to rob our nation of vital information or launch cyber strikes.
Today, these computer intrusion cases—counter-terrorism, counter-intelligence, and criminal—are cyber program priorities because of their potential national security nexus.
Cybercrime is big business! It can take the form of targeted hacking to steal data, industrial espionage, phishing, phone scams, extortion, ransomware, or social hacking. The threat can be a lone actor, a small-time ring of hackers, or seasoned professionals who have been at it for years. The end goal of these attackers is to make money. The attacks can be highly complex or basic, depending on the cybercriminals’ skills and sophistication. One efficient tactic is combining data theft and ransomware encryption, a combination that allows the attackers to collect revenue twice: they get payment to decrypt the data, and they make money selling the data they managed to steal.
Threats to cybersecurity come from a variety of sources, including a lone ‘hacker’ who could be a digital vandal, disgruntled former employee, romantic interest, or a bored neighborhood kid. The lone hacker may be motivated by financial gain or by a desire to cause intentional or random ‘just because they can’ harm. Their skill level can range from nonexistent to advanced. In the case of a former employee or romantic interest, insider knowledge can make this threat capable of incredible harm even with no real ‘hacking’ ability. Because they are more random and variable, lone hacker incarnations may be best addressed by an overall strong security culture and hardened infrastructure.
Hacktivists are motivated by causes beyond just financial gain or random ‘just because they can’ harm. It may be politics, ideology, or some other motivator that gets an organization on their radar. The fact that this type of cyberattack is usually intentional and directed can increase the potential for harm. Defending against this threat is likely not a priority for most, but for those in government, defense, healthcare, law enforcement, and other verticals that may catch their attention, it should not be ignored. Unlike for-profit cybercrime groups, hacktivists also tend to bring a social element that can lead to additional attention and potential ‘bandwagon’ attacks.
The most potent cybersecurity threats are nation state actors. This cyberthreat, backed by governments, brings incredibly advanced skills and nearly limitless resources to bear against its targets. They are a figurative and literal army, sometimes reaching out with the full and open public support of their leadership. In some cases they take the form of highly educated and trained members of massive cubicle farms. In other incarnations they are loosely organized and largely autonomous, left to apply whatever means are available to achieve the goals they have been assigned. Any organization of strategic value should prioritize cybersecurity and defending against this considerable threat.
Department of Homeland Security (DHS)
“Because of its geopolitical position in the world and its considerable and vulnerable attack surface, the West faces particular challenges in addressing the cyberthreat and several issues exacerbate an already problematic environment including an inconsistent ability to hold actors responsible. Among the key issues that may need to be addressed are the lack of clear redlines that set expectations and implications for the use of cyberweapons by state and non-state actors. Another consideration is the evolving understanding of how escalation and unintended consequences can and should be managed in a cyberattack. Overall, as would be expected from a relatively new area of warfare, the rules of engagement are still emerging and unclear.”
From: Commodification of Cyber Capabilities: A Grand Cyber Arms Bazaar (2019 Public-Private Analytic Exchange Program)
July 2020: Garmin suffered a cyberattack that impacted online services including website functions, customer support, customer facing applications, and company communications. Some reports indicated the attack may have included ransomware along with substantial financial demands for the key required to decrypt impacted resources.
July 2019: A previously unidentified Chinese espionage group was found to have been active since at least 2012, gathering data from foreign firms in industries identified as strategic priorities of the Chinese government. Targets included telecommunications, healthcare, semiconductor manufacturing, and machine learning. The group was also involved in stealing cryptocurrencies and in monitoring Hong Kong dissidents.
September 2017: Equifax announced a data breach that exposed the personal information of 147 million people. The exposed information included Social Security numbers, names, gender, phone numbers, driver’s license numbers & state, email addresses, credit card information, tax IDs, dates of birth, and addresses. In addition, some uploaded images were compromised, including driver’s licenses, passports, Social Security & taxpayer ID cards, and more.