Cyber Attacks on Institutions

The shift to working from home dramatically increased the number of places where hackers could attack companies, as home networks and personal computers came to be used for daily tasks. This resulted in dramatic growth in cyber attacks on institutions, and cybercrime has increased by 600% since the start of the pandemic. While cyber attacks, in general, have been growing, the ability of cybercriminals to access less secure personal access points and, from there, gather information on institutions has exploded. For an institution, a cyber attack is a matter of when, not if, because every organization will be affected by a cyber attack at some point in its lifecycle. On average, a malware attack costs a company over $2.5 million (including the time needed to resolve the attack[1]). Large businesses experience, on average, 130 security breaches per year per organization, so the likelihood of an attack happening is almost guaranteed[2].

In many organizations, responsibility for cybersecurity lies with the technical staff, including the chief information officer (CIO) and chief information security officer (CISO). These people are responsible for fortifying the company’s defenses and responding to cyber attacks. When responding to a cyber attack, the IT team must determine how large a breach was and what areas were affected. Chief Engineer Nyla Khali supported a client in investigating a potential breach that unfortunately lasted weeks because there was a lack of forensic information. She states, “it is paramount that systems employ a defense-in-depth strategy along with fine-tuned detection and monitoring.” This means having logs of what happened, hopefully down to the user and/or computer level. The CIO and CISO must clearly define what information is needed for reporting and regulatory compliance. While implementing these strategies, organizations must reconcile the privacy and legal implications of collected data. Per a US-CERT publication on Computer Forensics, in the U.S., there are two primary areas of legal governance affecting cyber security actions related to the collection of network data: (1) authority to monitor and collect the data and (2) the admissibility of the collection methods[3]. In a cyber attack, good strategies will allow the IT team to thwart and investigate an attack quickly. Following this vital information, the IT team, in collaboration with executives or board members, publicly reports on the breach and confidently handles disclosure and legal requirements.

Beyond the direct impact that cyber attacks have on an organization, they also threaten the reputation and value of the organization. If an organization that has private or confidential information it needs to keep protected is the target of a cyber attack, its customers may be less likely to trust the company and may stop using its products or services. Additionally, the company’s valuation could be directly impacted if that company or organization is currently undergoing an IPO, merger, or acquisition. A study by Comparitech examined the share prices of 34 companies listed on the New York Stock Exchange that had experienced major data breaches and found that companies that have experienced a breach underperform the market by more than 15% three years later. Immediately following the breach, share prices for the 34 companies fell by -3.5% on average and underperformed the NASDAQ by -3.5%[4].

Some simple ways to protect your organization are to train your employees, use antivirus software, secure your networks, use strong passwords, and especially use multifactor authentication[5]. During a Cyber Defense roundtable discussion sponsored by CSIS/DOJ, a panel of experts recommended that “against particularly sophisticated or advanced threat actors, however, they suggested using cyber intelligence gathering as an additional component of a defensive program.” Moving forward and beyond the basics, companies need to start implementing new architectures that eliminate the cyber threats of today and make many of these basic threats disappear. Employees and emails are the leading cause of data breaches, especially in small businesses, because they are a direct path into the company’s systems. If we can eliminate the threat of malicious attachments without having to change the behavior of users, companies can drastically reduce their chances of major or impactful breaches.

 

___________________________________________________________________________________

Grey Market Labs® is a Certified B-Corp founded with the mission to protect life online. Our Replica™ platform orchestrates, automates, and secures Environments-as-a-Service, making organizations more protected with our patented privacy and Zero Trust architecture and more productive by increasing access to critical data, tools, and workflows simply, on-demand, anywhere. Replica™ supports dozens of use cases that span industries: from disrupting fraud on the dark web, to supporting military operations, combatting human trafficking, and enabling trusted data sharing in healthcare.

Grey Market Labs® is the first cybersecurity product company recognized as a Certified B-Corp organization.
