What is a Cyber Attack?

• A Cyber Attack is a malicious and deliberate attempt by an individual / organization to breach the information system of another individual / organization or networks.
• A Cyber Attack can maliciously disable computers, steal data, or use a breached computer as a launch point for other attacks.
• Cybercriminals use a variety of methods to launch a cyber attack, including malware, phishing, ransomware, denial of service, among other methods.
• The attacker seeks some type of benefit from disrupting the victim’s network.

Why do people launch Cyber Attacks?

• Cybercrime has increased every year as people try to benefit from vulnerable business systems. Often, attackers are looking for ransom:
• 53 percent of cyber attacks resulted in damages of $500,000 or more.
• Cyberthreats can also be launched with secret motives.
• Some attackers look to destroy systems and data as a form of “Hacktivism.”

How often do Cyber Attacks occur?

• Cyber attacks hit businesses every day.
• According to the Cisco Annual Cyber Security Report, the total volume of events has increased almost fourfold between January 2016 and October 2017.
• There are two types of cyber attack victims –
  • Those that have been hacked.
  • Those who don’t yet know they have been hacked.

Types of Cyber Attacks

Though there are many different ways that an attacker can infiltrate an IT system, most cyber-attacks rely on pretty similar techniques. Below are some of the most common types of cyber-attacks:

Risk of Cyber Attack

• Cyber attacks have been rated the fifth top rated risk in 2020.
• This risky industry continues to grow in 2023 as IoT cyber attacks alone are expected to double by 2025.
• World Economic Forum’s 2020 Global Risk Report states that the rate of detection is as low as 0.05 percent in the U.S.

Impact and Severity of Cyber Attacks

• Cyber attacks can impact an organization in many ways — from minor disruptions in operations to major financial losses. Regardless of the type of cyber attack, every consequence has some form of cost, whether monetary or otherwise.
• Consequences of the cyber Security incident may still impact your business weeks, if not months, later. Below are five areas where your business may suffer:
  • Financial losses
  • Loss of productivity
  • Reputation damage
  • Legal liability
  • Business continuity problems

Impact on Covid

• The pandemic affected all types of businesses — big and small.
• If anything, the pandemic amplified cybercrime due to the uncertainty around remote working and how to protect your business.
• Cybercrime, which includes everything from theft or embezzlement to data hacking and destruction, is up 600% as a result of the COVID-19 pandemic.
• Nearly every industry has had to embrace new solutions and it forced companies to adapt, quickly.

Costs of Cybercrime

Cybercrime will cost companies worldwide an estimated $10.5 trillion
annually by 2025, up from $3 trillion in 2015. At a growth rate of 15 percent year over year — Cyber Security Ventures also reports that cybercrime represents the greatest transfer of economic wealth in history.

“The average cost of a single ransomware attack is $1.85 million.”

Cyber Attacks by Industry

• Some industries are more vulnerable to cyber attacks than others, simply due to the nature of their business. While any industry could be subject to a data breach, those most at risk are businesses that are closely involved with people’s daily lives.
• Companies that hold sensitive data or personally identifiable information are common targets for hackers. Types of businesses or organizations that are most vulnerable to cyber attacks include:
• Banks and Financial Institutions: Contain credit card information, bank account information, and personal customer or client data.
• Healthcare Institutions: Repositories for health records, clinical research data, and patient records such as social security numbers, billing information, and insurance claims.

• Corporations: Has inclusive data such as product concepts, intellectual property, marketing strategies, client and employee databases, contract deals, client pitches, and more.
• Higher Education: Hold information on enrollment data, academic research, financial records, and personally identifiable information like names, addresses, and billing info.

Breach Discovery

• Breach discovery is when the company or business becomes aware that the incident occurred.
• According to IBM, it takes a company 197 days to discover the breach and up to 69 days to contain it.

• Companies that contained a breach in less than 30 days saved more than $1 million compared to those that took more than 30 days.
• A slow response to a data breach can cause even more trouble for your company. It can result in a loss of customer trust, productivity, or major fines.

Information Security Spending

• Statista Market Reports states that revenue in the Cyber Security Market is projected to reach $162 billion in 2023.
• It is expected to show an annual growth rate from 2023 to 2028 of 9.63%, resulting in a market volume of $256.50 billion by 2028.

Cybercrime for Small and Medium Businesses

• Cyber attacks on all businesses, but particularly small to medium sized businesses, are becoming more frequent, targeted, and complex. According to Accenture’s Cost of Cybercrime Study, 43% of cyber attacks are aimed at small businesses, but only 14% are prepared to defend themselves.
• Not only does a cyber attack disrupt normal operations, but it may cause damage to important IT assets and infrastructure that can be impossible to recover from without the budget or resources to do so.

• Small businesses struggling to defend themselves because of this. According to Ponemon Institute’s State of Cyber Security Report, small to medium sized business around the globe report recent experiences with cyber attacks:
• Insufficient security measures: 45% say that their processes are ineffective at mitigating attacks.
• Frequency of attacks: 66% have experienced a cyber attack in the past 12 months.
• Background of attacks: 69% say that cyber attacks are becoming more targeted.
• The most common types of include:
  • Phishing/Social Engineering : 57%
  • Compromised/Stolen Devices : 33%
  • Credential Theft : 30%

Frequency of Ransomware

• Ransomware attacks are becoming more prevalent as a concern.
• In 2022, 70% of businesses fell victim to ransomware attacks. This is expected to rise to every 11 seconds by 2021.

Longtail Cost of Cyber Attacks

• The long tail costs of a data breach can extend for months to years.
• Unanticipated significant expenses.
• These costs include lost data, business disruption, revenue losses from system downtime, notification costs, or even damage to a brand’s reputation.

Who’s Behind Data Breaches?

Costliest Cyberattacks in 2022

( Source : https://informationisbeautiful.net/visualizations/worlds-biggest-data-breaches-hacks/ )

Why is cyber security important?

• The costs of cyber security breaches are rising : Organisations that suffer cyber security breaches may face significant fines. There are also non-financial costs to be considered, like reputational damage.
• Cyber attacks are increasingly sophisticated : Cyber attacks continue to grow in sophistication, with attackers using an ever-expanding variety of tactics. These include social engineering, malware and ransomware.
• Cyber security is a critical, board-level issue : New regulations and reporting requirements make cyber security risk oversight a challenge. The board needs assurance from management that its cyber risk strategies will reduce the risk of attacks and limit financial and operational impacts.
• Cyber crime is a big business : According to a study by McAfee and the CSIS, based on data collected by Vanson Bourne, the world economy loses more than $1 trillion each year due to cybercrime. Political, ethical, and social incentives can also drive attackers.

Who needs cyber security?

It is a mistake to believe that you are of no interest to cyber attackers.
Everyone who is connected to the Internet needs cyber security. This is because most cyber attacks are automated and aim to exploit common vulnerabilities rather than specific websites or organisations.

Why Need Cyber Security Audit?

A risk-based approach to cyber security will ensure your efforts are focused where they are most needed. Cyber Security audit is essential –

1. To be continuously vigilant against cyber attacks.
2. To safeguards the digital data from Various types of cyber attacks.
3. To prevent the money loss / reputation loss / public data from the cyber attacks.
4. Improve organization’s cyber Security postures in time to meet the next threat.
5. To comply with the statutory guidelines of the regulators.