Dark Reading is part of the Informa Tech Division of Informa PLC

This site is operated by a business or businesses owned by Informa PLC and all copyright resides with them.Informa PLC's registered office is 5 Howick Place, London SW1P 1WG. Registered in England and Wales. Number 8860726.

Vulnerabilities / Threats

1/15/2019
10:30 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
RSS
E-Mail vvv
50%
50%

Why Cyberattacks Are the No. 1 Risk

The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.

With the world going digital, the dependence on the availability of IT infrastructure keeps exponentially growing, and many people don't comprehend the true scope of the implications. The recent cyberattack on the Los Angeles Times is a prominent example, disrupting the delivery of the Los Angeles Times and Tribune newspapers across the entire US. And in May 2018, a number of distributed-denial-of-service (DDoS) attacks were launched targeting the Netherlands, affecting and temporarily shutting down the online banking of three of the country's largest financial institutions.

Thanks to the emergence of the darknet, cybercrime has become widely accessible and procurable, blurring the lines between legitimate e-commerce and illicit trade. In the Netherlands, an 18-year-old man was arrested in connection with the DDoS attacks who apparently hired a cybercriminal through one of the various marketplaces in the darknet and who "wanted to show that a teenager can simply crash all banks" with a few clicks — unfortunately, he was right.

Society Is More Vulnerable to Cyberthreats
Indeed, society has become much more vulnerable to such attacks. The World Economic Forum (WEF) says business leaders in advanced economies see cyberattacks as their single biggest threat, even more so than terrorist attacks (No. 2), an asset bubble (No. 3), a new financial crisis (No. 4), or failure to adapt to climate change (No. 5).

This is no surprise because the business risks associated with cybercrime are growing along with companies' ever-increasing dependence on technology. Moreover, the massive growth in the use of smart devices has opened up a universe of new ways for cybercriminals to launch attacks through large-scale botnets. By 2025, the number of smart devices in the world is projected to exceed 75 billion, outnumbering the global population by a factor of 10. Meanwhile, geopolitical rivalries are engendering larger and more sophisticated cyberattacks by smart, well-resourced IT teams with generous state backing. Particularly, large organizations need to take into account a whole range of cyber threats — including business interruption, theft, and extortion — reputational damage, economic espionage, and the infiltration of critical infrastructure and services. The evolving threat landscape combined with a mixture of highly sophisticated adversaries makes cyber-risk very challenging to manage.

An Under-Resourced Risk
Awareness of this risk is growing, and more organizations are directing efforts toward cyber-risk management. However, as the WEF highlights, cybersecurity is still under-resourced when measured against the sheer scale of the threat.

Cybercriminals are now estimated to pocket $1.5 trillion annually — a staggering amount equal to Russia's gross domestic product, and five times the cost of approximately $300 billion resulting from natural disasters in 2017. Some studies predict that the takedown of a single cloud provider could result in $50 billion to $120 billion in economic damage — similar to the financial carnage stemming from Hurricane Sandy and Hurricane Katrina. 

Cyber Issues Reduce Value
Cyberattacks can wreak havoc on a company, and severe financial and legal blowback are only the start. Equifax's stock dropped more than 31% after the firm revealed that it had been the victim of a breach. The disclosure erased $5 billion in market value, as reported by MarketWatch. After Yahoo disclosed two large-scale breaches, Verizon cut its buy offer by $350 million, or about 7% of the original price. The breach almost scuttled the deal. Yahoo had to pay a $35 million penalty to settle securities fraud charges levied by the US Securities and Exchange Commission (SEC), and another $80 million to settle lawsuits launched by irate shareholders.

When the Marriott breach hit the news, Sen. Charles E. Schumer (D-NY) called on the hotel chain to foot the bill and replace the passports for as many as 327 million people whose passport numbers might have been exposed in the attack. Marriott pledged to cover the cost, but at $110 per passport — the standard fee — it would have had to fork out an incredible $36 billion, an amount equivalent to the firm's entire market capitalization.

New Risk Imperatives
Other factors influence the consequences of cybercrime. For instance, firms are more heavily leveraged than they were a few years ago. Since 2010, the debt-to-equity ratio for the median S&P 1500 company has nearly doubled. Consequently, according to the WEF, their stability is even more threatened by cybercrime skullduggery.

In response, regulatory frameworks are being tightening up around the globe — witness the General Data Protection Regulation in Europe and the new SEC directives in the US. The authorities want to see better preparation that will mitigate risk, and more transparency after cyberattacks. In a press release, SEC Chairman Jay Clayton urged public companies to "examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives."

Businesses need to focus on their resilience to cyber events and generally need to put emphasis on prevention and response. Research suggests that only about half (52%) of organizations have a CISO on their payroll, and only 44% say their corporate boards actively participate in their companies' overall security strategy. In the digital age, this is no longer good enough and needs rethinking.

Because virtually every business is going digital in one way or another, it's naive to think that today's cyberattacks primarily affect technology companies. In fact, cybercrime is setting its sights on industries across the board, many of which were left alone in the pre-digital era. Hotels, airlines, and banks, for example, are now squarely in the cybercriminals' crosshairs.

The upshot is that modern corporate innovation and growth must be balanced against cyber-risk and IT stability. More than ever, business leaders must create strategic plans that pave the road to emerging opportunities but also outline how their companies will ensure business continuity and deal with the complex set of cyber threats blighting the global digital landscape.

Related Content:

 

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
 

Recommended Reading:

Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
michaelmaloney
50%
50%
michaelmaloney,
User Rank: Apprentice
1/25/2019 | 3:39:06 AM
What's the world coming to
All of this really sounds like a plot for the next thriller movie. I mean, it's not hard to imagine that a kid would be able to do all of that if he wanted to, but the problem here is are we really bringing up kids to be like that in this day and age? Businesses should be very, very afraid...
CameronRobertson
50%
50%
CameronRobertson,
User Rank: Moderator
1/22/2019 | 3:33:55 AM
Use less, worry less
It should be anticipated that we make ourselves become vulnerable to online attacks when we expose ourselves online around the clock. We need to rethink how we manage our operations and come up with an alternative solution that perhaps involve a little less digital involvement. The less time we spend online, the smaller the window for potential attacks.
sophiared
50%
50%
sophiared,
User Rank: Apprentice
1/17/2019 | 3:00:35 AM
Concern for Cyber security
It is undoubtedly a valid concern regarding such Cybersecurity as there are many unauthorized persons are moving around to steal the users' sensitive information. They can get other fruitful suggestions instructed by error code 0x80070057 that will guide them in a proper manner.
COVID-19: Latest Security News & Commentary
Dark Reading Staff 7/9/2020
Omdia Research Launches Page on Dark Reading
Tim Wilson, Editor in Chief, Dark Reading 7/9/2020
Mobile App Fraud Jumped in Q1 as Attackers Pivot from Browsers
Jai Vijayan, Contributing Writer,  7/10/2020
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
Special Report: Computing's New Normal, a Dark Reading Perspective
This special report examines how IT security organizations have adapted to the "new normal" of computing and what the long-term effects will be. Read it and get a unique set of perspectives on issues ranging from new threats & vulnerabilities as a result of remote working to how enterprise security strategy will be affected long term.
Flash Poll
The Threat from the Internetand What Your Organization Can Do About It
The Threat from the Internetand What Your Organization Can Do About It
This report describes some of the latest attacks and threats emanating from the Internet, as well as advice and tips on how your organization can mitigate those threats before they affect your business. Download it today!
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2020-15105
PUBLISHED: 2020-07-10
Django Two-Factor Authentication before 1.12, stores the user's password in clear text in the user session (base64-encoded). The password is stored in the session when the user submits their username and password, and is removed once they complete authentication by entering a two-factor authenticati...
CVE-2020-11061
PUBLISHED: 2020-07-10
In Bareos Director less than or equal to 16.2.10, 17.2.9, 18.2.8, and 19.2.7, a heap overflow allows a malicious client to corrupt the director's memory via oversized digest strings sent during initialization of a verify job. Disabling verify jobs mitigates the problem. This issue is also patched in...
CVE-2020-4042
PUBLISHED: 2020-07-10
Bareos before version 19.2.8 and earlier allows a malicious client to communicate with the director without knowledge of the shared secret if the director allows client initiated connection and connects to the client itself. The malicious client can replay the Bareos director's cram-md5 challenge to...
CVE-2020-11081
PUBLISHED: 2020-07-10
osquery before version 4.4.0 enables a priviledge escalation vulnerability. If a Window system is configured with a PATH that contains a user-writable directory then a local user may write a zlib1.dll DLL, which osquery will attempt to load. Since osquery runs with elevated privileges this enables l...
CVE-2020-6114
PUBLISHED: 2020-07-10
An exploitable SQL injection vulnerability exists in the Admin Reports functionality of Glacies IceHRM v26.6.0.OS (Commit bb274de1751ffb9d09482fd2538f9950a94c510a) . A specially crafted HTTP request can cause SQL injection. An attacker can make an authenticated HTTP request to trigger this vulnerabi...