Cyberattacks continue to increase at a phenomenal rate. Organizations have never faced such threats – and the future doesn’t look any brighter. Yet there is arguably a “silver lining” for those who have been victims of a successful breach.
The surge in threats is encouraging companies to take a more proactive approach to defense hardening. In fact, investment in cybersecurity is at an all-time high as the UK Government reports a 14% increase in revenue generated by UK cyber businesses to £10.1 billion in February 2022. The rate of increase is unsurprising given that the average cost of a data breach is now at $4.24 million.
There’s no doubt that all attacks are devastating to victims, but each breach offers the opportunity for greater resilience and improved security strategies. Take the example of ransomware. Sadly, not a day goes by without another attack of this nature being reported against businesses around the world.
According to sonic wall, 2021 has seen a “sustained and meteoric rise” in breaches, with 623.3 million ransomware attacks recorded worldwide, a 105% increase from the previous year. Yet each tragedy serves as a warning to the rest of us and has helped accelerate global investment in cybersecurity as businesses scramble to prepare for the next onslaught.
The reality of the future of attacks
Over the past two years, threat actors have become bolder and more sophisticated, but intelligence continues to hint at greater devastation in the years to come. A ransomware attack can be extremely damaging to an organization. Yet if you compare it to the dangers and damage associated with a nation-state assault – something we have all seen only too recently – it may be relatively small in comparison. While they may use similar attack vectors, the nation-state campaign investment and support is significantly greater and therefore has the potential to cause far greater destruction.
For example, the attack on the Colonial Pipeline in the United States, which was linked to a subsidiary of a Russian-linked cybercrime group called DarkSide, demonstrates the devastation caused by larger attacks. The entire infrastructure responsible for about half of the East Coast’s fuel supply has come to a halt as hackers managed to disable its billing systems. This attack highlighted just how vulnerable governments and industries are and how even the smallest of vulnerabilities – like a compromised ID – can cause nationwide disruption.
Growing Weapons Developments (and Concerns)
Sophisticated cybercriminals and nation states have access to advanced technologies and resources, which could have dire consequences in a war scenario, as the conflict in Ukraine is currently demonstrating. Over 70 million people were killed during World War II, but they did not have access to the advanced cyber weapons available today. Conflicts today have two platforms – physical and cyber. The modern soldier was born with a gun in one hand and a button capable of disrupting critical infrastructure in the other.
We are witnessing an alarming buildup of cyberweapons in the arsenals of threat actors. Once conflict erupts, whether at a nation-state or corporate level, things can escalate quickly and these weapons could be potentially catastrophic. the NCSC is currently urging companies to take steps to “strengthen their defences” amid the ongoing war in Ukraine.
The ‘silver lining’ of past attacks
Organizations that have already been infiltrated and applied the lessons learned have a better chance of resisting these kinds of destructive attacks. With the increase in the number and scale of ransomware attacks, those who faced early attacks, perhaps on a smaller scale, faced the consequences, understood how damaging an attack could be and built more robust and resilient cyber defenses.
Overall, the massive investment in cybersecurity is a response to past attacks. The only way organizations feel threatened is if they themselves feel under attack, so the results of these earlier small attacks paint a grim (but very real) picture for many.
The breaches will only get worse as we continue into a digital world and the attack surface expands. The tide has well and truly turned for those in the public and private sectors who are finally realizing they can no longer afford to sit still, and oddly enough, we have ransomware attacks to thank.
We are well past the time when the government alone can defend the country against these attacks; there are too many moving and interconnected parts. Organizations themselves must take responsibility for defending themselves, which, in turn, helps protect the country against the growing threat of nation-state actors using the most advanced cyber weapons.
Organizations are on high alert, having been bitten early on by smaller financially motivated attacks. The reality is that cyberattacks are deadly, not only for finances but also for human life. While companies stung in the past have likely suffered greatly financially, they are in a much better position to defend themselves – and the country – against more sinister intentions.
Increasing attacks is by no means the desired scenario, but the resilience gained from past attacks should be seen as a silver lining in the face of greater dangers.