Cyber-attacks from suspected Russian bad actors have increased by over 800% since the start of the Russia-Ukraine war. Attacks have become far more frequent, to an unprecedented degree, and their impacts even more devastating. The Colonial Pipeline ransomware attack in 2021 is a recent example and is the largest publicly disclosed attack against critical infrastructure in the United States. The Colonial Pipeline is the largest refined oil product pipeline in the U.S. and can carry 3 million barrels of fuel per day between Texas and New York. Attackers exploited an exposed password for a VPN account, stole data, and asked for a ransom of $4.4M. The attack was felt across the country through shortages of jet fuel, and fear of a gas shortage caused panic-buying and a spike in gas prices.
Global threats are not only dominating mainstream media headlines but unfortunately our cyber infrastructures as well. 2022 has already seen its fair share of challenges between Covid-19, supply chain issues, natural disasters, and the Russia-Ukraine war. Amidst all these events, cyber incidents were still the top global threat according to the Allianz Risk Barometer 2022.
Ransomware attacks cost companies millions each year. The top 5 known ransom payments include:
- CWT Global
AMOUNT PAID: $4.5 MILLION
RANSOMWARE: RAGNAR LOCKER
- Colonial Pipeline
AMOUNT PAID: $4.4 MILLION
RANSOMWARE: DARKSIDE
- Brenntag
AMOUNT PAID: $4.4 MILLION
RANSOMWARE: DARKSIDE
- Travelex
AMOUNT PAID: $2.3 MILLION
RANSOMWARE: SODINOKIBI
- University of California San Francisco (UCSF)
AMOUNT PAID: $1.14 MILLION
RANSOMWARE: NETWALKER
Most of these organizations were breached because of weak passwords, or because they had few defenses in place and relied only on firewalls. Most of these incidents could have been prevented through a proactive cybersecurity solution such as Identity and Access Management Services.
Cyber criminals will often pose as co-workers, friends, or family members to obtain network/password credentials or for financial gain; this is called social engineering. The sense of urgency from an authority figure or family member often overrides our ability to recognize that the request is out of character. It often leads to instantly sending money to what seems like a familiar face. Shared network/password credentials provide entry that your typical security hardware and software won’t notice and allow unfettered access to valuable, critical data.
Existential Threats
As the attacks increase, so do the costs associated with them. The average cost of a data breach is $4.24 million for companies worldwide according to the 2021 Cost of a Data Breach Report. With all the hackers and scammers flooding our cyber infrastructures today, it is more crucial than ever to have the proper defenses in place. The toll on business productivity and financial standing is far too much.
- Existential Threat: Ransomware
- Real World Impact: Average cost of a ransomware attack is $732,520 when the ransom is not paid, but doubles to $1,448,458 if the ransom is paid
- Existential Threat: Downtime
- Real World Impact: Amazon, Microsoft, Delta, Sony, Nvidia—no company is immune from downtime and the brand damage it inflicts
- Existential Threat: Compliance Fines
- Real World Impact: New state compliance requirements are rolling out and the penalties are no slap on the wrist—California Consumer Privacy Act (CCPA) fines can run up to $7,500 per violation with no cap
- Existential Threat: Data Loss
- Real World Impact: Whether from a cyberattack or human error, 40%-60% of SMBs won’t reopen after data loss
In addition to these existential threats, enterprises have faced a slew of IT challenges:
- The average enterprise has 6 different forms of application infrastructure
- …each of which comes with unique management systems and tools
- 80% of time is spent managing risk
- …which leaves little time for IT to create additional value for the business
- Compliance requirements are evolving in real time, including the addition of state privacy laws. California led the way with CCPA and 38 other states recently implemented privacy laws.
- IT is expected to do more with less year after year, managing across platforms as well as the security and compliance of different environments
With the ever-increasing threat landscape affecting more businesses and individuals each year, it is understandable that companies are seeking out a reliable partner to protect their cyber infrastructure. Ntirety can help your business build a security and compliance solution that meets today’s needs while strengthening your long-term strategy. For more information, watch our recent webinar here and stay tuned for the next blog in this series.