Vulnerabilities / Threats

1/15/2019
10:30 AM
Marc Wilczek
Marc Wilczek
Commentary
Connect Directly
Twitter
LinkedIn
Google+
RSS
E-Mail vvv
50%
50%

Why Cyberattacks Are the No. 1 Risk

The paradigm shift toward always-on IT requires business leaders to rethink their defense strategy.

With the world going digital, the dependence on the availability of IT infrastructure keeps exponentially growing, and many people don't comprehend the true scope of the implications. The recent cyberattack on the Los Angeles Times is a prominent example, disrupting the delivery of the Los Angeles Times and Tribune newspapers across the entire US. And in May 2018, a number of distributed-denial-of-service (DDoS) attacks were launched targeting the Netherlands, affecting and temporarily shutting down the online banking of three of the country's largest financial institutions.

Thanks to the emergence of the darknet, cybercrime has become widely accessible and procurable, blurring the lines between legitimate e-commerce and illicit trade. In the Netherlands, an 18-year-old man was arrested in connection with the DDoS attacks who apparently hired a cybercriminal through one of the various marketplaces in the darknet and who "wanted to show that a teenager can simply crash all banks" with a few clicks — unfortunately, he was right.

Society Is More Vulnerable to Cyberthreats
Indeed, society has become much more vulnerable to such attacks. The World Economic Forum (WEF) says business leaders in advanced economies see cyberattacks as their single biggest threat, even more so than terrorist attacks (No. 2), an asset bubble (No. 3), a new financial crisis (No. 4), or failure to adapt to climate change (No. 5).

This is no surprise because the business risks associated with cybercrime are growing along with companies' ever-increasing dependence on technology. Moreover, the massive growth in the use of smart devices has opened up a universe of new ways for cybercriminals to launch attacks through large-scale botnets. By 2025, the number of smart devices in the world is projected to exceed 75 billion, outnumbering the global population by a factor of 10. Meanwhile, geopolitical rivalries are engendering larger and more sophisticated cyberattacks by smart, well-resourced IT teams with generous state backing. Particularly, large organizations need to take into account a whole range of cyber threats — including business interruption, theft, and extortion — reputational damage, economic espionage, and the infiltration of critical infrastructure and services. The evolving threat landscape combined with a mixture of highly sophisticated adversaries makes cyber-risk very challenging to manage.

An Under-Resourced Risk
Awareness of this risk is growing, and more organizations are directing efforts toward cyber-risk management. However, as the WEF highlights, cybersecurity is still under-resourced when measured against the sheer scale of the threat.

Cybercriminals are now estimated to pocket $1.5 trillion annually — a staggering amount equal to Russia's gross domestic product, and five times the cost of approximately $300 billion resulting from natural disasters in 2017. Some studies predict that the takedown of a single cloud provider could result in $50 billion to $120 billion in economic damage — similar to the financial carnage stemming from Hurricane Sandy and Hurricane Katrina. 

Cyber Issues Reduce Value
Cyberattacks can wreak havoc on a company, and severe financial and legal blowback are only the start. Equifax's stock dropped more than 31% after the firm revealed that it had been the victim of a breach. The disclosure erased $5 billion in market value, as reported by MarketWatch. After Yahoo disclosed two large-scale breaches, Verizon cut its buy offer by $350 million, or about 7% of the original price. The breach almost scuttled the deal. Yahoo had to pay a $35 million penalty to settle securities fraud charges levied by the US Securities and Exchange Commission (SEC), and another $80 million to settle lawsuits launched by irate shareholders.

When the Marriott breach hit the news, Sen. Charles E. Schumer (D-NY) called on the hotel chain to foot the bill and replace the passports for as many as 327 million people whose passport numbers might have been exposed in the attack. Marriott pledged to cover the cost, but at $110 per passport — the standard fee — it would have had to fork out an incredible $36 billion, an amount equivalent to the firm's entire market capitalization.

New Risk Imperatives
Other factors influence the consequences of cybercrime. For instance, firms are more heavily leveraged than they were a few years ago. Since 2010, the debt-to-equity ratio for the median S&P 1500 company has nearly doubled. Consequently, according to the WEF, their stability is even more threatened by cybercrime skullduggery.

In response, regulatory frameworks are being tightening up around the globe — witness the General Data Protection Regulation in Europe and the new SEC directives in the US. The authorities want to see better preparation that will mitigate risk, and more transparency after cyberattacks. In a press release, SEC Chairman Jay Clayton urged public companies to "examine their controls and procedures, with not only their securities law disclosure obligations in mind, but also reputational considerations around sales of securities by executives."

Businesses need to focus on their resilience to cyber events and generally need to put emphasis on prevention and response. Research suggests that only about half (52%) of organizations have a CISO on their payroll, and only 44% say their corporate boards actively participate in their companies' overall security strategy. In the digital age, this is no longer good enough and needs rethinking.

Because virtually every business is going digital in one way or another, it's naive to think that today's cyberattacks primarily affect technology companies. In fact, cybercrime is setting its sights on industries across the board, many of which were left alone in the pre-digital era. Hotels, airlines, and banks, for example, are now squarely in the cybercriminals' crosshairs.

The upshot is that modern corporate innovation and growth must be balanced against cyber-risk and IT stability. More than ever, business leaders must create strategic plans that pave the road to emerging opportunities but also outline how their companies will ensure business continuity and deal with the complex set of cyber threats blighting the global digital landscape.

Related Content:

 

Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio
Comment  | 
Print  | 
More Insights
Comments
Newest First  |  Oldest First  |  Threaded View
michaelmaloney
50%
50%
michaelmaloney,
User Rank: Apprentice
1/25/2019 | 3:39:06 AM
What's the world coming to
All of this really sounds like a plot for the next thriller movie. I mean, it's not hard to imagine that a kid would be able to do all of that if he wanted to, but the problem here is are we really bringing up kids to be like that in this day and age? Businesses should be very, very afraid...
CameronRobertson
50%
50%
CameronRobertson,
User Rank: Moderator
1/22/2019 | 3:33:55 AM
Use less, worry less
It should be anticipated that we make ourselves become vulnerable to online attacks when we expose ourselves online around the clock. We need to rethink how we manage our operations and come up with an alternative solution that perhaps involve a little less digital involvement. The less time we spend online, the smaller the window for potential attacks.
sophiared
50%
50%
sophiared,
User Rank: Apprentice
1/17/2019 | 3:00:35 AM
Concern for Cyber security
It is undoubtedly a valid concern regarding such Cybersecurity as there are many unauthorized persons are moving around to steal the users' sensitive information. They can get other fruitful suggestions instructed by error code 0x80070057 that will guide them in a proper manner.
Russia Hacked Clinton's Computers Five Hours After Trump's Call
Robert Lemos, Technology Journalist/Data Researcher,  4/19/2019
Tips for the Aftermath of a Cyberattack
Kelly Sheridan, Staff Editor, Dark Reading,  4/17/2019
Register for Dark Reading Newsletters
White Papers
Video
Cartoon
Current Issue
5 Emerging Cyber Threats to Watch for in 2019
Online attackers are constantly developing new, innovative ways to break into the enterprise. This Dark Reading Tech Digest gives an in-depth look at five emerging attack trends and exploits your security team should look out for, along with helpful recommendations on how you can prevent your organization from falling victim.
Flash Poll
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2019-11378
PUBLISHED: 2019-04-20
An issue was discovered in ProjectSend r1053. upload-process-form.php allows finished_files[]=../ directory traversal. It is possible for users to read arbitrary files and (potentially) access the supporting database, delete arbitrary files, access user passwords, or run arbitrary code.
CVE-2019-11372
PUBLISHED: 2019-04-20
An out-of-bounds read in MediaInfoLib::File__Tags_Helper::Synched_Test in Tag/File__Tags.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11373
PUBLISHED: 2019-04-20
An out-of-bounds read in File__Analyze::Get_L8 in File__Analyze_Buffer.cpp in MediaInfoLib in MediaArea MediaInfo 18.12 leads to a crash.
CVE-2019-11374
PUBLISHED: 2019-04-20
74CMS v5.0.1 has a CSRF vulnerability to add a new admin user via the index.php?m=Admin&c=admin&a=add URI.
CVE-2019-11375
PUBLISHED: 2019-04-20
Msvod v10 has a CSRF vulnerability to change user information via the admin/member/edit.html URI.