In May of 2021, all it took was one compromised password to take Colonial Pipeline offline. The pipeline moves approximately 2.5 million gallons of fuel daily from the Gulf to the Eastern Seaboard. This disruption, the first complete shutdown of the pipeline in its 57 years of existence, caused fuel shortages and an increase in fuel prices, and cost Colonial Pipeline a $4.4 million ransom payment. That same month, JBS Foods paid $11 million in ransom money after hackers attacked, the highest cyber crime ransom payment recorded to date. The cyber attack caused shutdowns of their operations in three countries.
Although Acting Deputy Attorney General John Carlin called 2020 the “worst year ever” for ransomware attacks, things got even worse in 2021. According to the Identity Theft Resource Center’s Q3 Data Breach Report, which analyzes publicly reported data breaches in the United States, the number of data compromises through the end of September 2021 was already 17 percent higher than all of those in 2020. And the total number of cyber-attack related data compromises in that same period? Up 27 percent compared to the entirety of 2020.
Now, more than ever, as we move forward into 2022, educating yourself about cyber security threats to business and protecting yourself from them is integral to your overall business strategy. Your success depends on your ability not only to mitigate the risks of business and enterprise cyber attacks, but also to have definitive measures in place to minimize the damaging effects on your business when an attack occurs. Let’s examine some of the most common cyber security threats for business.
Ransomware is one of the most common threats out there—costing companies billions of dollars a year. Ransomware is an insidious ploy by cyber criminals to encrypt or steal data and hold it “hostage” until the victim pays a ransom. The United States Treasury Financial Crimes Enforcement Unit (FinCEN) reports that the total value of ransomware-related Suspicious Activity Reports (SARs) from financial institutions alone in the first half of 2021 was $590 million, which is more than the total in 2020 ($416 million). That’s a 42 percent increase!
Phishing is one of the most common entryways to install ransomware or malware onto a system, as well as a method to acquire sensitive information. Cyber criminals send mass quantities of phishing emails claiming to be from a reputable institution to convince victims to give out confidential information, such as passwords or banking information. They may appear on the surface to be from a trusted organization—such as your bank or a government agency—and include a request to provide information or ask you to open a link which installs malware on your computer.
Spearphishing attacks are simply more sophisticated versions of phishing attacks. Instead of sending mass quantities of generic emails hoping that someone unsuspecting will take the bait, the spearphisher sends more personalized emails to specific targets who often have access to privileged information. The criminals often masquerade as a trusted personal sender (such as a colleague or CEO of a known organization).
Smishing is the same concept as phishing except it uses text messages to carry out the scam: the sender poses as a reputable company and asks you for a credit card number or password, to open a link, etc.
Denial of Service (DoS)
In a DoS attack, the criminal floods the server with false requests, overwhelming the system and causing it to shut down. Individuals attempting to use the service or device are unable to access it. On a much larger scale, Distributed Denial of Service (DDoS) attacks use botnets and multiple (sometimes millions of) internet connections to carry out the attack.
With cyber crime on the rise and cyber criminals becoming more sophisticated and asking for more money, prevention is your first line of defense, including sensible data access policies, password management programs, anti-spam filters, and a thorough Disaster Recovery Plan. Rubrik can help you minimize the number of cyber attacks on your business as well as mitigate the damage done by a cyber attack and ensure a swift recovery. Rubrik’s solutions can help you detect an attack before it occurs and recover faster afterwards. After an attack, Rubrik detects the scope of damage and quickly restores data, ensuring your business won’t suffer from lengthy downtimes and lost data. Rubrik backups can’t be encrypted or deleted, making them immune to ransomware. Rubrik offers a ransomware recovery warranty of up to $5M for Rubrik Enterprise Edition, delivering the ultimate peace of mind. Your data is a valuable resource. Don’t let a lack of preparation make you the next big data breach headline in 2022.
What industry is the most highly targeted for cyber attacks?
While cyber attacks target all industries that use the internet for at least some part of their business, there are certain industries that are seeing increased attacks, including the health care industry, local governments, education institutions, and the supply chain.
How common are cyber attacks on businesses?
A 2020 survey of 5,000 IT managers across 26 countries found that 51% of them had been hit by a ransomware attack in the past year. And that’s just from one survey. The Verizon 2021 Data Breach Investigations Report “analyzed 79,635 incidents, of which 29,207 met our quality standards and 5,258 were confirmed data breaches, sampled from 88 countries around the world.” While different research institutions have different numbers based on where they collected data and from whom, the overwhelming consensus is that cyber attacks on business are extremely common, and that the number of crimes and the amount they’re costing businesses and consumers are growing.
How do cyber attacks affect businesses?
Cyber attacks are most often financially motivated. Attackers frequently hold data hostage or disrupt your business or services until a ransom is paid, with the understanding that the implications of a data loss or mass service disruption will be far more costly in money, time, and reputation than just paying the ransom. According to the Ransomware Task Force, a company, on average, experiences 21 days of downtime due to a ransomware attack and takes 287 days to fully recover.