Understanding Cybersecurity For Business Needs
Almost everyone in today’s world has an idea of cybercrimes and their impact on individuals as well as organizations. Often, we come across news of online fraud, hacking and network tampering at corporations that we instinctively thought had a great cybersecurity architecture. We need to understand that we live in an era where assumptions about trust and anonymity, from what your privacy and personal rights are to what counts as classified information and how information is communicated as fact or opinion, are being challenged by the convergence of new information technology.
Theft of corporate information, cost of repairing the damaged infrastructure, disruption in operations and leak of intellectual data
Loss of trust from consumers and clients, poor media coverage and loss of potential future customers to competitors
Non-compliance with regulations regarding data privacy and GDPR can result in a hefty penalty and sanctions on the organization
It is important to understand that cybersecurity in many ways depends on humans, and there is a need to design and build security systems with humans in mind. This means that businesses should not view cybersecurity as a fixed cost factor that can only be addressed through technological upgrades.
Cyberattacks affect companies in various ways. Beyond their operations and financial standing, an attack leaves a long-lasting scar on reputation and digital strategy, along with other harmful impacts.
Usually, a large-scale cyberattack is executed after planning and research on the target. Depending on the motivation of the attack, most cyberattacks follow a timeline that includes the following steps:
Motivation of cyber attackers
At the inception of the digital era, cyber attackers were driven largely by intellectual curiosity. Yet hacker motivation has progressively shifted from primarily intrinsic to primarily financial. It was with the advent of social networks and the Dark Web in the early 2000s that money became one of the main driving factors for adversaries. However, it would be incorrect to say that all hackers are after money. Cyberattacks may aim to compromise data integrity (destroy or change data) to breed distrust in an organization or government. Some attackers just wanted to challenge sanctions and restrictions, or were unhappy with the target’s functionality or philosophy.
Importance of Cybersecurity
Cybersecurity is one of the major necessities these days, as it surrounds and tries to protect everything about us that is digitized: sensitive data, personal information, intellectual property, and governmental and industry information systems, all of which it guards against theft and damage attempted by criminals and adversaries. Cybercriminals are becoming more sophisticated, changing what they target, how they affect organizations and their methods of attack for different security systems.
Social engineering remains the easiest form of cyberattack, with ransomware and phishing being the easiest form of entry. Third-party and fourth-party vendors who process your data and have poor cybersecurity practices are another common attack vector, making vendor risk management and third-party risk management even more important. A few of the cyberattacks that caught the attention of business leaders around the world include:
A series of attacks brought down much of the internet in Estonia in apparent retaliation for the removal of a Soviet war memorial. This hit Estonia particularly hard as it had deeply embraced the internet revolution. The attack started in April 2008 with a series of distributed denial of service attacks. The attacks started with ‘script kiddies’ (unskilled hackers) running programs to flood servers at various targets. As the attack progressed, it was intensified using botnets. Other hackers broke into websites, deleting content and adding their own messages. There has been a lot of speculation about who initiated and ran the attack. The attack is an early example of a large-scale coordinated and targeted disruption.
Equifax Data Breach
Equifax, one of the largest credit bureaus and reporting agencies, faced a huge data breach in September 2017. Sensitive information of more than 150 million Americans was compromised. The data breached included names, home addresses, phone numbers, dates of birth, social security numbers, and driver’s license numbers. The credit card numbers of approximately 209,000 consumers were also breached. The sensitivity of the personal information held by Equifax and the scale of the problem make this breach unprecedented.
Such attacks and data thefts have driven regulatory bodies like the National Institute of Standards and Technology (NIST) to release frameworks to help organizations understand their security risks, improve cybersecurity measures and prevent cyberattacks. We will be covering them in our next articles about Cybersecurity Frameworks.