Companies, individuals must protect themselves from cyberattacks
This year has seen a significant rise in the number of cyberattacks launched worldwide, making this threat one of the top-rated risks that the public and private sectors, as well as individuals, face on a daily basis.
Data breaches so far in 2023 have exposed nearly 4.5 billion records. Some of the major cyberattacks launched this year include: the hacking of the US State Department’s emails by a threat actor dubbed Storm-0558; a data extortion group called Scattered Spider carrying out cyberattacks against MGM Resorts and Caesars Entertainment; the passport records of nearly 34 million Indonesian citizens being stolen from the Indonesian Immigration Directorate General; and the genetic testing company 23andMe having the data of millions of its members leaked.
In addition, T-Mobile has disclosed two data breaches this year, the first of which affected about 37 million customers. Similarly, AT&T faced a data breach that exposed about 9 million customers’ personal details. A hacker also targeted X, leaking more than 220 million users’ email addresses. The UK Electoral Commission announced in August that its database had been breached, exposing the personal information of about 40 million people, and a group known as Cyber Av3ngers last week gained control of at least one device at the Municipal Water Authority of Aliquippa, Pennsylvania.
One of the major problems associated with cyberattacks is the cost, as the motivation for most of them is mainly financial. Businesses often have to pay millions of dollars for every breach.
Nevertheless, it is critical to point out that paying a ransom does not necessarily guarantee that stolen data will be returned, since only 8 percent of businesses that paid ransoms in 2021 received all their data back.
The average ransomware payout in 2023 has been almost double what it was in 2022. The average cost of a data breach is now reportedly $4.45 million. While the US ranks first when it comes to the highest average total cost of a data breach ($9.48 million), the Middle East comes a close second ($8.07 million).
It is predicted that cybercrime will cost the global economy about $10.5 trillion annually by 2025, which reportedly represents “the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.”
In addition to targeting companies and individuals, some cyberattacks could have consequences as severe as military action. For example, cyberattacks can lead to rogue actors taking control of or disrupting an entire nation’s infrastructure, including public services, hospitals, transport systems, the internet, municipal or governmental institutions and the energy sector. They can steal people’s private information or take control of a country’s missiles and drones, and even its military’s intelligence, command, control and communications.
One of the major problems associated with cyberattacks is the cost, as the motivation is mainly financial.
Dr. Majid Rafizadeh
So, what should companies and individuals do to protect themselves from this dramatic rise in cyberattacks?
First of all, it is important for every company to set up a cybersecurity policy and then regularly conduct special training for employees in order to educate them about the key security practices and guidelines.
Some large companies have their own cybersecurity teams to protect the business from cyberattacks. But even smaller businesses can take steps, such as making sure to have the most up-to-date versions of all software, computer operating systems and internet browsers. Having firewall security for their internet connection is important as well.
It is also important for companies to have additional copies of their important data, to limit access to their critical data and require multifactor authentication or additional information for logging on and gaining entry to their system.
To protect themselves, companies and individuals ought to regularly learn about the latest tactics used by hackers and cybercriminals. Attackers use various tactics, such as malware attacks and social engineering scams. Social engineering scams are one of the most widespread methods used by cybercriminals.
It is important to point out that 74 percent of all breaches involve a human element. Instead of manipulating technology, cybercriminals and hackers often rely on exploiting human error, as well as psychologically manipulating or tricking someone into directly or indirectly revealing sensitive personal information.
Scareware is another tactic, as it scares a person into acting fast in order to get rid of a computer virus. Other tactics include phishing attempts or domain name system spoofs, where server data is tampered with in order to redirect users to fake websites. Some attackers may also disguise themselves as a friend, relative or business in an attempt to have a targeted individual click on an infected link or share personal information.
Companies and individuals should also be aware of the exposure they might have to third-party contractors. Cybercriminals can get access to information through third parties that might have less protection for their security systems. For instance, in 2021, the personal records of millions of users on Facebook, Instagram and LinkedIn were breached due to a misconfigured database run by a third-party contractor, the Chinese social media management company SocialArks.
In a nutshell, 2023 has seen a dramatic rise in the number of cyberattacks on businesses, governmental and nongovernmental organizations and individuals. To protect themselves from cyberattacks, it is important for companies and individuals to regularly update themselves about the latest cybersecurity practices and policies.
• Dr. Majid Rafizadeh is a Harvard-educated Iranian-American political scientist.