Not investing in cybersecurity could be your organization’s most expensive mistake
It's easy to forget that hackers can also work their way into systems through physical components, particularly USB devices, which are as convenient for an attacker as they are for a user. According to a report by Honeywell Forge, 79% of USB cyberattacks are capable of disrupting operational technology, like the day-to-day functions of an industrial plant. Fifty-one percent of them can give an attacker remote access.
Improvements have been made to shore up cybersecurity in many businesses, which has led to an increase in arrests involving these types of crime. While many consider large multinationals the priority targets of perpetrators, many attackers in fact target mid-size businesses.
According to another cybersecurity company, Coveware, the average ransom payment during the final three months of last year was more than $320,000, which is more than twice the figure for the quarter before that. This is because hackers have begun targeting businesses big enough to pay a significant ransom, but not so large that launching the attack would require significant time and effort.
Cybersecurity researchers at SonicWall have found that the volume of attempted ransomware attacks aimed at their customers increased by 105% last year. This translates to a total of 623.3 million attempted incidents that year.
Researchers reason that although higher ransoms may be taken from big companies, attackers avoid risking their own safety by collecting smaller but steadier amounts from mid-sized companies.
Corporate-wide implications
Established institutions may suffer greatly from USB threats, and there have been examples of this in the past.
In 2008, a rogue flash drive was inserted into a US military laptop in the Middle East and established a “digital beachhead” for a foreign intelligence agency. The drive’s malicious code spread through classified and unclassified systems, from which data was transferred to foreign control.
In Hong Kong, a USB device that could kill a computer was developed. It works by drawing power from the USB line until it reaches some 240 volts, then discharging that energy back through the data lines in extreme power surges. This device is sold for just $56.
In Iran in 2010, Stuxnet, a worm that travelled on a USB stick, was able to infiltrate more than 15 Iranian facilities, including the Natanz nuclear facility. International Atomic Energy Agency inspectors investigated the area and saw that an unusual number of uranium-enriching centrifuges were malfunctioning, the cause of which was unknown at the time. Specific effects of the malware were not disclosed, but it was estimated to have ruined close to a thousand uranium-enriching centrifuges. This led to a 30% decrease in enrichment efficiency.
Breaches have dire implications for operations, business, and revenue. But it’s not just the monetary cost that we should be considering, but also the cost to human life. One case in Ukraine led to people not having access to clean water for a month.