Today, cyber attacks are part of our daily life. Almost every day a new one appears: emails are sent to users to inform them of a potential theft of their data, and employees are unable to work because their computer is blocked or the data on it is encrypted. Is what seems to have become the first challenge for IT departments a foregone conclusion? Let’s take a first look at the situation.
How much does a cyber attack cost?
Beyond the disruption and the legal risks that a cyber attack can generate, let’s focus on what it can cost. According to Accenture’s study, Cybercrime in 2019, the average annual cost of cybercrime is around 12 million euros per company. This is a 12% increase over 2018. In France, in 2018, cybercrime cost 8.6 million euros per company. Cybercrime has increased by 23% in one year. To have a clear view of the cost of cyber attacks, these costs must of course be broken down into two categories:
- investments linked to detection, around 36% of the overall cost
- the cost of resolving and repairing the damage caused by these attacks
The loss of information is the main consequence of cyber attacks, followed by the cost generated by the disruption of the company’s activity. Cybercrime could cost companies 4.6 billion euros worldwide over the next five years. Nor should we underestimate the human damage caused by a cyber attack: weakened individuals and loss of group cohesion. Some may even lose their jobs, as Uber’s security director did after the data theft that caused such a stir. For large companies, the situation is serious: already in 2016, the EDF group explained that it would have to face 10 million cyber attacks per year. Orano (ex Areva) is reportedly the victim of 200 attacks every day. Let’s focus on French local authorities. Last month, the Grand Cognac agglomeration was the victim of a crypto virus. The result: thousands of pieces of data encrypted. The ransom demand amounts to 180,000 euros, which the local authority (fortunately) does not wish to pay. The total cost is estimated at 150,000 euros. Cyber attacks specifically targeting local authorities are exploding, so it is the State that is directly targeted. The examples follow one another and are repeated. For organizations, the cost of cybercrime is gigantic. If solutions are to be found, it is important to understand what these cyber attacks look like.
What are the main types of cyber attacks?
I will now present the top 5 most common cyber attacks. Each of these attacks uses very different techniques and can serve very different interests, economic or political.
Distributed Denial of Service (DDoS) attacks
A DDoS attack consists of overloading a computer server or network. It is an attack as old as the (computer) world, and it has become extremely simple to set up. The hacker takes control of thousands of machines across a local, organizational or global network. These can be private PCs or poorly protected connected objects such as IP cameras. They are called zombies. The hacker then uses this army of zombies to send continuous requests to the targeted server, which is completely overwhelmed and stops working. The result is simply that one or more IT services stop functioning: for example, a website, a storage space or a mail server becomes inaccessible. DDoS attacks are clearly on the rise compared to 2018, which saw several DDoS services shut down. Although common, DDoS attacks are not the most critical: they do not destroy data, they simply interrupt a service such as a website or a TV channel.
Ransomware
Ransomware has become a very widespread type of attack, and it counts some stars among its ranks: TeslaCrypt (2016), WannaCry (2017) or Bad Rabbit (2017). You know at least one of them. Ransomware can spread in many ways, but its goal is to make computer data inaccessible by encrypting it. A ransom is then demanded from the owner in exchange for the decryption key. Today, it is much more attractive to kidnap computer data than people. Above all, it is much less risky and better paid. Those who pay (usually in bitcoins, therefore untraceable), hoping to recover their data, are often disappointed because no decryption key is given to them. This is the double penalty. Ransomware is all about money: substantial gains that can sometimes be used to finance certain ideological or political causes.
Phishing & Spear Phishing
Phishing is an attack that we all suffer every day. This attack is known as hameçonnage in French. The purpose of this cyber attack is to collect sensitive data: a password, a credit card number, a social security number, etc. Here, the data is provided directly by the victim of the attack. How is this done? Often, via the reception of an apparently legitimate email: taxes, Paypal, Netflix, Microsoft, SFR, etc. In companies, the email can appear to come from the employee’s N+2 or even from the manager directly. Some will say “it’s crazy that in 2019 it still works”. Indeed, some attacks are crude (spelling mistakes, for example); nevertheless, some are dreadfully well executed and, depending on the context, they are more likely to work. Typically, around the deadline for income tax payment, a well-constructed (fake) email from the treasury can make you act in haste. Even worse is Spear Phishing, which is a variant of Phishing. Unlike phishing, spear phishing targets a specific audience or person. The victim then receives a highly personalized email. The hacker collects information about the victim on the internet (LinkedIn, Facebook, etc.). When we receive an email containing a large amount of information about us, we are unlikely to suspect an attempted attack. Phishing can be used as part of the preparation of a larger cyber attack, data resale or modern industrial espionage.
Defacement
Defacement, also called defacing or disfigurement, is the modification by a cyber attacker of the display of a website. The hacker diverts the site from its true use and thus from its real objective. The defacement can have two objectives:
- The hacker may wish to convey a message, most often political or ideological.
- The hacker can use this modification to seek a certain fame. This is why different groups of hackers compete to find out which one is the most gifted.
Many websites are not updated and therefore have easily exploitable security holes; this is typically the case with CMSs such as WordPress. The defacement does not result in data loss but can harm the image of the organization. Indeed, it will not reassure your customers if they see a skull and crossbones with the name of a hacker team on the home page of your site.
How to protect yourself from cyber attacks?
Fortunately, solutions exist, and IT departments today have many ways to protect their organization from cyber attacks. Of course, no system is 100% perfect; however, it is possible to reduce the risks as far as possible. First of all, the choice of antivirus is important, and its configuration and regular updates are crucial. The services offered by most vendors include automated backups, a data loss prevention solution, anti-virus and firewall. Second, staff training. It is well known that the number one vulnerability exploited by cyber attackers is employees. Intel Security’s Threat Report study indicates that 92% of French employees are unable to identify 1 in 7 phishing emails. Once an employee’s workstation is compromised, the entire local network is in danger. Awareness-raising actions must be organized on a regular basis. Thirdly, ensure that the IT department is able to react quickly in the event of a cyber attack and to keep the fleet up to date. It is here that the ceBox® solution proves to be the first ally of CIOs against cyber attacks. The ceBox® solution offers centrally manageable workstations (multi-site). It is then possible to update the software and the OS of the entire fleet in a few clicks, without even having to go on site. Even better, in the event of a detected cyber attack, the Read-Only mode of the ceBox® solution makes it possible to get rid of the virus by simply restarting the workstations. The workstations will return to their initial configuration, safe from any malicious software. Even when teleworking, employees using a ceBox® work in a secure environment thanks to the encryption of exchanges between their workstation and the head office. Discover below the presentation of the ceBox® solution by Bastien Collas, Project Leader at Wisper. Benefit from a demonstration, remotely or in our Lab in the Paris region, directly from this page. https://www.youtube.com/watch?v=uPWoQXTB9qc