“Cybercrime is the biggest threat to every company in the world. Security used to be a barrier, but now it’s a necessity of all time”
The digital growth strategy that every organization is embarking on provides a great opportunity, however, the increased reliance on technology means that the type of harm that can be inflicted on a business is increasing dramatically.
No longer do businesses rely purely on IT departments to protect an organization, it has now become an issue for the board and the rest of the business to manage. The catastrophic attack by the WannaCry ransomware on the NHS on 12 May 2017 was not even targeted directly at them but the consequences were clear.
Cyber attacks are taking place all the time even as we breathe. Incidents related to cyber security have increased exponentially during the pandemic. The incidents jumped from 3,94,499 in 2019 to 11,58,208 in 2020 as per government data. That is why, to raise awareness and prevent such incidents from happening, the government of India took several steps. One of them is the launch of Cyber Swachhta Kendra, a Botnet Cleaning and Malware Analysis Centre. CSK is part of the Govt’s India’s Digital India initiative that aims to create secure cyberspace in India.
COMMON CYBERSECURITY THREATS
The security of some organizations big or small is being compromised. The most common cybersecurity threats are-
- Malware: Malware is defined as code with malicious intent that generally steals data or destroys something on the computer. Malware is an all-encompassing term for a variety of cyberattacks including Computer viruses, Worms, Spyware, Adware, and Trojan horse.
- Phishing: Most of the attacks on financial institutions in the past 3 years have not been through brute force attacks on firewall appliances, it has been through acquiring users’ passwords, this technique is called Phishing. Phishing emails have gotten much more sophisticated in recent years making it difficult for some people to discern a legitimate request for information from a false one.
- Password Attacks: Hackers use cracking programs, dictionary attacks, and password sniffers in password attacks as an operation to collect or decrypt a user’s password for illicit purposes. Password cracking refers to several regulations used to uncover computer passwords, this is usually achieved by recovering passwords from data stored in or transported from a computer system.
- Distributed Denial of Service: DDoS or DOS attack focuses on disrupting the service to a network, attackers send a high volume of data or traffic through the network until the network becomes overloaded and can no longer continue operations. Many instances of large-scale DOS attacks have been implemented as a single sign of protests towards governments or individuals that have led to severe punishment including major jail time.
- Man in the Middle Attacks: By impersonating the endpoints in an online information exchange the man in the middle attacks and obtains information from the end-user and the entity he or she is communicating with. The MITM gains access through a non-encrypted wireless access point that does not use WEP, WPA, or any other security measures then they access all the data being transferred between both parties by parodying the Address Resolution Protocol.
- Malvertising: It is a name given to criminally controlled advertisements that intentionally infect people or businesses, these can be any advertisement on any site.
- Rogue Software: Rogue security software is a form of malicious software and internet fraud that misleads users into believing that there is a virus on their computer and manipulates them into paying money for a fake malware removal tool. It is a form of scareware that manipulates users through fear and a form of ransomware.
CYBER ATTACK CONSEQUENCES ON A COMPANY
Consequences can be referred to as the effects of a cyber-security attack. There are three main consequences:
Having none or less of both tangible and intangible assets following an attack.
- Financial loss where money may be stolen in the attack, fine may be imposed and it may cost money to recover from the attack. British Airways was fined £20 million for a data breach in 2018.
- Loss of data is often the most disastrous intangible loss as the data may be destroyed, manipulated, or modified to a point that can not be recovered. The devastating cyberattack on an email provider destroyed 18 years of data in 2019.
- Loss of reputation is common for any organization which takes a major hit on its reputation following any cyberattack. The cyberattack on telecom company TalkTalk in 2015 resulted in a loss of 101,000 customers which cost the firm around £77 million.
- The delay in responding and recovering from a cyber-security attack causes operational disruption to day-to-day business.
- A loss of customers causes businesses to restructure their financial commitments resulting in financial disruption.
- Businesses may not be able to sell their product or services for a period causing a commercial disruption.
- A cyber attack can target critical national infrastructures like healthcare, nuclear plants, power stations, and many more resulting in individual safety.
- Critical equipment like life support machines can fail.
- Individuals and businesses may be unable to access their money, and so no longer pay for essentials.
IDENTITY THEFT: LEAVING VICTIM POOR & VIOLATED
Identity theft is the deliberate use of someone else’s personal information to commit fraud or to gain financial benefits. Identity theft is one of the most pervasive crimes of the 21st century. Every two seconds another person becomes a victim of identity theft. Craft fraudsters can steal identities in several ways, it is a global problem where millions of identities are stolen every year resulting in losses of billions of dollars. Based on a survey 4.8 million people became victims of identity threat and fraud in 2020, which increased by 45 percent from 3.3 million in 2019.
Personal information includes a person’s name, identification code, address, banking information, medical records, email address, and date of birth. Identity thieves get personal information through hacking company databases, data breaches making telemarketing calls asking for personal information, stealing mail from residential mailboxes, people may also provide easy access to their personal information by behaving carelessly. Once identity thieves get hold of personal information they can commit financial fraud, buy expensive items, take over existing accounts, obtain genuine documents, and commit serious crimes like murder, money laundering, and so on. As a result, the victims may end up being saddled with debts or behind the bars in extreme scenarios.
Identity theft evolved rapidly as new mediums, as social media developed it became nearly impossible to completely prevent identity theft. However, it is possible to reduce the likelihood of being a target by taking certain precautions such as-
- Protecting online privacy and limiting what one shares on social media.
- Being aware of suspicious emails.
- Destroying documents containing personal information rather than just throwing them in the dustbin.
- Changing account passwords regularly.
- Checking credit profile regularly for unauthorized transactions.
- Investing in identity theft protection service.