The cost of cybercrime is predicted to hit $8 trillion, that’s correct, trillion, in 2023, growing to $10.5 trillion by 2025, according to the 2022 Official Cybercrime Report from Cybersecurity Ventures.
To put that into perspective, it is the combined Gross Domestic Product (GDP) of Japan and the United Kingdom combined. If cybercrime were a country, it would be third in terms of GDP after the US and China.
It is a lucrative business, and the currency is one: data. The total volume of data in the world tops 150 zettabytes (150 followed by 21 zeroes) and that data needs to be protected.
Cybercriminals do not discriminate their victims. Every individual and every organisation is fair game. The human element is the most common threat vector.
Why? Humans are the least prepared, least knowledgeable and the weakest link. According to Verizon’s 2022 data breach report, 82% of breaches were caused by users.
Cybersecurity measures alone are not enough to counter cybercriminals’ sophisticated methods. Today, more and more organisations are including security training for employees. It’s effective and shuts the door on most attacks that require some form of human intervention.
Let’s take a look at 10 most common and prevalent cyber attacks that business and their staff should be aware of:
Phishing attacks: This is one of the most common types of cyberattacks, where hackers use social engineering to trick people into revealing sensitive information. For example, an email claiming to be from your bank, requesting your login credentials. In the third quarter of 2022, 3 million phishing attacks were reported (Anti-Phishing Working Group).
Supply Chain Attacks: Supply chain attacks involve targeting a company’s suppliers or partners to gain access to a company’s network or systems. Attackers may use a variety of techniques, such as malware or phishing, to gain access to a supplier’s network and then use that access to gain access to a company’s network.
Ransomware: This type of attack involves hackers gaining control of your system or data and demanding payment for its release. A recent example of this is the ransomware attack on the Costa Rican government to the tune of $30 million. No payment was made and 50% of the encrypted data was leaked to the public.
DDoS attacks: Distributed Denial of Service (DDoS) attacks involve overwhelming a website or server with traffic, making it inaccessible to users. Cloudflare reported that there was a 67% rise in ransom DDoS attacks in 2022.
Insider threats: These are threats posed by employees, contractors, or other insiders who have access to sensitive information. For example, an employee who steals customer data or changes master passwords, effectively shutting access to a network and its systems.
Code Injection Attacks: Code injection attacks involve adding malicious code to a legitimate program or website. Attackers may use code injection to steal data, cause damage to systems, or gain access to networks. An example of a code injection attack is a hacker adding malicious code to a website’s database.
Man-in-the-middle attacks: These attacks involve intercepting communication between two parties to steal information or alter messages. For example, a hacker could intercept a user’s login credentials while they’re logging into a website.
Social engineering attacks: These attacks involve using psychological manipulation to trick people into revealing sensitive information. For example, a hacker could pose as a technical support representative and convince a user to give them access to their computer.
IoT attacks: Internet of Things (IoT) devices, such as smart home devices, are vulnerable to attacks if they are not properly secured. An example of this is the Mirai botnet, which hijacked thousands of IoT devices to launch DDoS attacks.
Malware: Malware is malicious software that can infect your computer, smartphone, or other devices. It can steal information, delete files, or even take control of your device. Mydoom arguably had the most serious impact in history causing $38 billion worth of damages in 2004.
This is the reality we are living in. Organisations that adopt a ‘it won’t happen to us’ attitude are simply postponing the inevitable. Security is a cost but it is also an investment that is far less costly than dealing with a breach, loss of data and money.
How can you protect your business?
- Educate your employees: Train your employees on how to identify and respond to potential cyberattacks, such as phishing emails.
- Keep software up to date: Make sure all software and hardware are up to date with the latest security patches.
- Use strong passwords: Require employees to use strong, unique passwords and enable two-factor authentication where possible.
- Backup your data: Regularly back up your data to a secure, offsite location.
- Implement access controls: Restrict access to sensitive information to only those who need it.
- Monitor your systems: Regularly monitor your systems for unusual activity or potential security breaches.
Creating a strong security posture in your business is an investment that requires time and guidance. At BMIT, we can help your business take that important first step: assessing your cybersecurity readiness and the providing advice and a complete strategy on how to address any weaknesses and vulnerabilities in your enterprise IT setup.
Cyberthreats are constantly evolving. Assess, secure, and fortify your business today with BMIT.