In 2013, numerous employees in the accounting departments of Google and Facebook began receiving...
October is Cybersecurity Awareness Month, and we would like to take this opportunity to raise awareness of this subject, which, in recent years, has become a rather significant one in our personal and professional lives. In the following series, we will discuss this issue more thoroughly, by illustrating recent statistics, different types of cybercrime, and how you can protect yourself and your business from these threats.
While there are countless types of criminal activity in the cyberspace, we have decided to highlight those that currently pose the most significant threat to businesses, in a series of four articles published weekly throughout the month of October.
As technology advances, most of our information, spanning from personal data over confidential company information to classified government records, is stored in digital systems. Threatening said systems, and the data they contain, has thus become increasingly profitable for cybercriminals. The number of individuals and organisations falling victim to these vicious attacks is ever-growing, with 2022 showing a 38% increase in attacks globally, compared to 2021. The global volume of cyberattacks reached an all-time high with an average of 1168 weekly attacks on organisations recorded in the last quarter of 2022. Europe experienced an increase of 26% compared to the previous year, whereas the USA and the UK saw overall cyberattacks skyrocket by 57% and 77% respectively.
Over recent decades, more, and less sophisticated attempts to scam consumers out of their money have evolved into what are now highly advanced, malicious attacks by growingly agile hackers, targeting anything from the everyday consumer, to healthcare institutions and whole governments.
After the 2017 cyberattack on the campaign of French President Emmanuel Macron, investigations linked the digital fingerprints with those targeting the former US presidential candidate Hilary Clinton in 2016, and German Chancellor Angela Merkel, in April and May of the same year.
Macron later invested €1 billion in a package to strengthen France’s cyber defence, after two paralysing attacks on French hospitals in February 2021. For hours, during these attacks, patient files were blocked, as well as phones and surgical equipment.
Similarly, the Health Service Executive (HSE) of Ireland suffered a major ransomware attack in May 2021, during the COVID-19 pandemic, by Russian cybercrime-gang Conti, causing the systems of 54 public hospitals nationwide to shut down. In the attack, 80% of the HSE IT environment was encrypted, and 700 GB of unencrypted data, including protected health information (PHI) exfiltrated. According to the HSE, it took four months to recover from the attack, and large financial losses were suffered to respond to the incident and subsequent lawsuits from patients.
2022, however, marks a milestone, as the first ever national state of emergency due to cybercrime was declared by Costa Rica’s President Rodrigo Chavez, after a chain of crippling ransomware attacks by the Conti group, demanding a $20 million ransom. In this series of attacks, starting in April 2022, 27 different Costa Rican public institutions were targeted, including its Ministry of Finance, the Ministry of Science, Technology and Telecommunications (MICITT), the National Meteorological Institute, the Social Security Fund, and the Ministry of Labor and Social Security, causing the nation to suffer an economic loss of $125 million in the first 48 hours following the first attack.
Whereas attacks on government bodies and public institutions are arguably the most impactful, numerous other sectors have been – and are continuing to be affected by similar threats and attacks, threatening leaders of economic growth and systems crucial to it. With attacks on government (4.8%), healthcare (5.8%), and education (7.3%) making up a minority of their distribution across global industries, the most targeted sectors as of 2022 are manufacturing, and finance and insurance, at 24.8% and 18.9% respectively.
Rather than try to counteract them, which can prove futile when considerable amounts of sensitive data are at stake and the clock is running out, we must do our utmost to prevent these attacks, starting with helping people better understand the threat. To do so, it is necessary to illustrate the different types of cybercrime practices more profoundly.
Do you know how many of the emails you receive in a week are phishing attempts? Is your company up to date on how ransomware gets into your servers, or what cryptomining means?
We are dedicating the entire month of October to informing and educating our readers on different types of threats to look out for, best practices to shield yourself from cybercrime, and what to do if you have detected suspicious behaviour.
Sources: HHS , The Guardian , The Local , Check Point Research
