Cybercrime is a major concern – recent studies show that while crimes like burglary and grand theft auto are down, fraud and cybercrime instances continue to rise. It’s a sign of criminals discovering new ways to make profits. Whether exploiting vulnerabilities to access and sell sensitive information or installing ransomware that forces users to pay to unlock their own data, cybercrime is getting more sophisticated too.
In 2014, CNN reported 47% of all American adults had already been hacked, and that was before Yahoo’s admission at the end of 2016 that over 1.5 billion user accounts were compromised over a series of attacks spanning from 2013-2016. Yahoo’s announcement dropped its sale price to Verizon by $250 million and delayed its acquisition until Q2 2017, but what are the real costs associated with these types of cybercrime?
Costs of Information Security
Anyone who’s worked in IT or played with Anonymous online is likely familiar with the term infosec, a shortened term for information security. The industry is growing exponentially in response to modern cybersecurity threats, with Gartner reporting $81.6 billion spent on infosec products and services in 2016 alone.
This number represents the investments corporations, governments, and other organizations spent on security testing, IT outsourcing, and data loss prevention. Between 2017 and 2021, Cybersecurity Ventures anticipates $1 trillion global infosec spending.
Bank of America, one of the world’s largest companies, is responding by implementing an unlimited cybersecurity budget. Giving a blank check and carte blanch spending approval says everything you need to know. Cybersecurity and protection against hackers, pirates, phishers, and other malicious actors is a top priority across the board.
The High Costs of Breaches
Corporations don’t spend money unless it’s necessary, so it’s a sign they all understand the costs of a security breach. Breaches of proprietary company information is one thing, but once customer data is leaked, companies face a slew of reputation and financial risks. Government fines, loss of business, and intense media scrutiny can be enough to shut any business down.
Yahoo’s troubles aren’t limited to outrage over compromised customer information leaking – the type of information being scanned in the company’s email servers is a problem for privacy advocates as well. Complying with a classified order from the U.S. government, Yahoo built software that read people’s email on unprecedented levels.
The Herjavec Group recently predicted cybercrime damages will cost the world more than $6 trillion by 2021 (six times the amount being spent on preventing it). This number represents data destruction, stolen money/IP/data, lost productivity, forensic investigation, and everything necessary to recover normal business operations after an attack.
While breaches at large companies like Yahoo, Sony, and Target often receive the most media attention, nearly half of all cyberattacks are committed against small businesses. By 2020, there will be 4 billion people online, greatly increasing the human attack surface and putting individuals at the same level of risk as businesses.
In addition, the IoT is expected to raise the amount of connected devices up to 200 billion by 2020. Smart devices like DVRs, smart lights, and video game consoles aren’t always thought of when securing a network. Most people have no clue how to install a firewall on these devices, and many are developed by small businesses that don’t have the capital to afford penetration testing and security measures.
Emerging Threats in 2017 and Beyond
These IoT devices have been used several times in 2016 and 2017 as a botnet to take several websites down using a DDoS attack. These types of attacks have hidden costs that are often difficult to fully understand. Thankfully, Akamai set up a calculator that can determine lost revenue, brand damage, staffing response, help desk support, and other operational costs associated with a DDoS attack.
When Mirai took down the Dyn server late in 2016, it cost companies between $20,000 and $100,000 per hour of downtime. Even I was unable to work, as several blog backends went down, but the threat even I fear is ransomware.
In 2016, ransomware attacks cost an estimated $1 billion – computer programmers are feeling the strain of the economy like everyone else. Some of these talented designers have learned creating ransomware is more financially beneficial than a legitimate app. These programs encrypt the files on your computer and force you to pay for the key to unlock it. Unable to survive without access to bank accounts, email, social media, and other services, many people end up paying.
Since payments are made in cryptocurrencies like bitcoin, they’re untraceable, making ransomware a lucrative project for the developer. It’s not fun being a victim of these cybercrimes, however, and preventative steps can be taken to reduce the frequency and impact.
Protecting Yourself from Cybercrime
End-to-end encryption, virtual machines, virtual private networks, firewalls, and safe web browsing practices all play key roles in protecting us from cybercrime. Firewalls form a barrier between your device and the rest of the Internet, VPNs protect data transferred across the Internet, and virtual machines protect data stored locally.
The sum of these tools provides end-to-end encryption that means the only way someone can steal your data is by compromising either your device or the web server. It makes you the weak link in your own security, which is the exact same position even the most powerful organizations in the world face. Once you become the weak link, all you have to do is stay strong, alert, and informed.
Create passwords that are hard to guess, and change them frequently. Using patterns for passwords (for example, changing your base password of CamelCrush to Cam3l!Crush, Cam3l#Crush, Cam3l$Crush) is a bad idea as these patterns will easily be noticed. Leaked passwords from sites you no longer use over time show hackers exactly how you think.
Cybersecurity is a problem, but it’s not something you should spend your every waking moment stressing about (unless that’s what you’re into). If you’ve somehow managed to not be hacked yet, it’s going to happen sooner or later. No method is 100% fool-proof, but with due diligence, you can stay as safe as possible.