Courtesy of industry-leading cyber security publication CSO, here are some eye-watering statistics to get your pulse racing.
- Up to 92% of businesses have suffered a cyber breach in the last 12 months.
- The typical cost of a cyber breach is more than $3 million, with over $800,000 alone being secured by hackers — on average — during a ransomware attack.
- Companies on the Fortune 500 list have around 500 different active digital system structures available for a cyber attack at any one time.
- 60% of businesses that experience a major cyber breach go bust in 6 months.
This is all made worse by the fact that businesses continue to underinvest in their cyber security. Globally, only 33% of businesses invest in cyber security risk assessment practices (according to CSO).
This number needs to change.
Cyber security services are essential for businesses that want to survive and thrive, as the data above clearly demonstrates. If those figures weren’t enough to get you thinking about your cyber security position, we’re looking at some real-world examples of when cyber security hacks brought big businesses to their knees.
In one of the most carefully coordinated and audacious cyber security hacks to date, the notorious Russian-linked group REvil targeted Kaseya, a network management service provider. Kaseya sells products to managed IT vendors, who then use the software for their customers. Kaseya applications are used downstream across a wide range of networks, by everyone from supermarket chains to public transport networks.
By leveraging a weakness in Kaseya software, REvil were able to install ransomware onto the systems of just under 1500 businesses. The hackers made a demand for a total of $70 million in return for the encryption keys to unlock the data the cyber attack took hostage. It was reported that, because this attack happened during a crucial commercial sales period, many organisations committed to negotiating with the hackers to prevent major losses.
While the true fallout of this recent attack is likely only to be fully realised in the future, the potential damage includes the ransomware costs, loss of sales due to downtime, massive financial and reputational hits to Kaseya and the IT services they worked with, and legal challenges from all sides. What’s worse is that Kaseya was aware of the weakness in their systems but failed to fix the problem fast enough, which could make for some difficult conversations for the business and their stakeholders.
The Colonial Pipeline hack is reported to be the most damaging cyber attack on a national infrastructure resource the world’s ever seen. The incident occurred when hackers gained access to the technology that operates the Colonial Pipeline system in the USA, which distributes oil from New Jersey to Texas and supports the lives of tens of millions of people.
It is unclear exactly how the hackers managed to infiltrate the system, although experts have speculated it was an administrative error, likely a phishing email that allowed malware to be downloaded. Once in the network, the cyber attackers ransomed the data systems of Colonial Pipeline, shutting down the service and access to oil resources until their demand of $4.4 million was paid.
Colonial Pipeline opted to pay this fee, and service was resumed. The implications of this attack are likely to be some of the most significant in history. Such ransoming of national resources will lead to massive institutional changes to prevent further attacks, likely at great expense.
Interestingly, the hacker group involved in the attack, DarkSide, issued an apology for the attack, stating they would put into place their own processes to stop national infrastructure from being targeted in the future. While it seems clear they intended to make money and not harm societal interests, the attack nonetheless demonstrates how our continued reliance on networked technology puts operations at serious risk.
In what was originally the biggest GDPR fine doled out under the new regulations (although later revised to a lower figure), British Airways were charged with covering millions in damages after hackers stole customer details, including information on 500,000 individual credit cards.
The breach occurred when hackers took control of British Airways’ website and redirected users to a fake page. Here, any information entered onto the site was stolen. British Airways were condemned for their archaic systems and cyber security practice, one of the primary reasons behind their hefty GDPR fine.
What Does This Teach Us about Cyber Security?
All these hacks have something in common. Well, two things in common.
The first and most obvious is that they were seriously damaging to the company, either in terms of finances, reputation, or both. The second is that they were all entirely avoidable. Poor cyber security procedures can wipe millions off a major brand’s value and totally collapse smaller enterprises.
The only way to protect your business is to be proactive. Reactive action cannot save you from cyber attacks; you need to get ahead of the threat. Deploy an effective cyber security strategy to safeguard your business and focus on continuous improvement that ensures you never fall behind.
Yes, it’s an investment. Yes, it will cost your business money. But, compared to the alternatives should you face a sizable cyber breach like the businesses mentioned above, the benefits of good cyber security far outweigh the risks.