March 4, 2021
If you’re not already sitting down, you might want to pull up a chair. Ok, ready?
The total cost of global cybercrime in 2021 alone is estimated at $6 trillion. That’s trillion with a “T”. Here’s a word that begins with “P” to consider: Prevention. Merely reacting to one of these nefarious incursions after it happens is very bad for business — a financial and reputational nightmare. (Just ask the targets of these attacks perpetrated in 2020.) Oh, and over the next four years, that $6 trillion figure could come to seem almost quaint as the cost rises as high as $10.5 trillion.
And yet, not enough companies — and certainly not enough SMBs — take the looming and ever-morphing threat seriously. “Part of it has to do with people not thinking that they will be the victim,” Mindsight Cybersecurity Practice Lead Mishaal Khan said in a previous blog post, “so that tends to have a reactionary effect. The other reason is they think cybersecurity is going to be costly. In fact, the lack of security is going to cost them more.”
According to CDNetworks, the five sectors that are most at risk from cyberthreats — especially ransomware — in 2021 include small businesses, healthcare institutions, government agencies, energy companies and higher education facilities. Scarily, the report notes, “Even those with little to no programming skills can carry out these cybersecurity attacks, due in part to the easily acquired ransomware attack kits available on the dark web.”
But why are these industries, in particular, so vulnerable to attack? The reasons, as Khan explains, are as varied as the industries themselves.
The big brands get most of the “unwanted” media attention when they’re hacked, but the reality is that small and medium-sized businesses are hacked far more frequently. According to experts, 60% of SMBs will fail within 6 months of a cyberattack. What’s more, cybercriminals target particular industries because of the lucrative nature of the information they maintain. According to Khan, “the priority of SMBs is making money, not spending money for protection. Everything is looked at from a profit/cost perspective. Smaller ransom amounts spread out across thousands of companies provide a much better ROI for hackers versus larger enterprises that tend to negotiate, delay or deny ransom because part of it may be covered by insurance or they have sufficient backups and protection in place to quickly recover.”
According to CDNetworks, ransomware is a top threat to healthcare organizations. At least one breach occurred every day impacting 27 million patient records. “Personally identifiable information (PII) is extremely valuable to hackers and sold in the dark markets,” says Khan. “A PII breach enables further social engineering attacks that involve phone and email impersonation tactics. Healthcare software and hardware equipment manufacturers are slow to adopt new technology or patch and upgrade legacy systems, further exacerbating the problem.”
Government agencies maintain social security data, fingerprints, and so much more. The infrastructure housing this information has known vulnerabilities. “Budgetary challenges are preventing infrastructure from being modernized and security gaps addressed,” says Khan. “The lack of money is causing an exodus of qualified staff to the more lucrative private sector. Fewer qualified staff means less vigilance and more vulnerability to cyberattacks.”
“Unlike the other sectors, energy is considered critical infrastructure. Disrupting it in any way can throw entire nations into disarray and panic. It could be a dam opening up or a reactor overheating — or a water supply getting poisoned, as happened recently in Florida when a hacker attempted (unsuccessfully) to increase the amount of sodium hydroxide to 100 times the normal level.”
Of all industries, universities have been hit the hardest, experiencing the highest number of cyberattacks in the last decade. “The financial incentive to breach accounts of active students and steal financial information is huge. Unfortunately, and despite the fact that student debt is a national crisis, university IT admins are slow to react and limited by insufficient budgets and resources.”
“The inconvenience security brings to these processes directly affects preventing attacks,” Khan says. “If security awareness and education is done right, the inconvenience factor decreases significantly.”
About The Expert
Mishaal Khan, Mindsight’s Security Solutions Architect, has been breaking and – thankfully – rebuilding computers for as long as he can remember. As a Certified Ethical Hacker (CEH), CCIE R&S, Security Practitioner, and Certified Social Engineer Pentester, Khan offers insight into the often murky world of cybersecurity. Khan brings a multinational perspective to the business security posture, and he has consulted with SMBs, schools, government institutions, and global enterprises, seeking to spread awareness in security, privacy, and open source intelligence.