The frequency of successful cybercrime attacks is increasing every year and now seemingly, every month. In March of 2021, a ransomware attack against CNA Financial resulted in a $40 million ransom payment. In May, Colonial Pipeline discovered it was victimized in a ransomware attack that disrupted fuel supplies to much of the East Coast for nearly a week. The company paid a $4.4 million ransom. In the early summer of 2021, a media investigation into a massive data leak suggested abuse of NSO Group's hacking software, which was intended for use against criminals. The investigation also revealed vulnerabilities of Apple's iPhone software, thought to be one of the best defenses for individuals against cyberattacks.
The quickening pace of attacks demonstrates our poor state of cybersecurity readiness. Every minute, $2,900,000 is lost to cybercrime. The average cost of a data breach was $3.86 million in 2020, and worse, it took an average of 280 days to identify and contain a breach.
Even a 15% annual growth rate in spending to fight cybercrime does not appear to be keeping pace with, let alone outpacing, the growing digital security threat. Nearly 80% of senior IT employees and security leaders believe their companies need more robust protection against cyberattacks, despite recent, increased IT security investments in 2020.
With cyberattacks now impacting nations, corporations, small businesses, world leaders, journalists, pipelines and electrical grids, cybercrime represents one of the greatest threats to humanity in the 21st century. To cybercriminals, every organization and individual is fair game.
Graduates of advanced education programs can gain crucial skills for the fight against cybercrime. For example, Texas A&M International University's Master of Business Administration (MBA) in Criminal Justice online program can help students prepare for careers in the field. The following are some of the sophisticated types of cyberattacks that are becoming increasingly prevalent and advanced:
- Ransomware attacks: An astounding 51% of organizations were hit by ransomware attacks in 2020, and 26% of victims paid the ransom, including 1% who did not get their data back. This type of attack typically comes through infected emails or digital communications. Once the file is opened, malware prevents the organization from accessing networks, systems and files until a ransom is paid. Polymorphic ransomware is the latest threat, which continually changes code to evade detection.
- Business email compromise (BEC) scams: This type of attack targets businesses and individuals. Criminals send an email that spoofs a known account or website, making a legitimate request like one for an updated mailing address. Once the recipient reveals confidential information, the criminal can use it to access data they need to carry out illegal schemes, such as intercepting money exchanges and redirecting to their accounts. There was a 200% increase in BEC attacks in the first half of 2020.
- Data breaches: In this type of attack, cyber criminals infiltrate organizational data systems and hijack the data, often with denial of service (DOS) attacks that shut down businesses. Small businesses are especially at risk, as 28% of all data breaches involve these organizations. Individuals who do business with affected organizations often are at risk for identity theft and other financial risks.
- Supply chain attacks: In these attacks, criminals exploit weaknesses in an organization's supply chain, often through vulnerable third-party systems and connected IoT devices. The Solar Winds attack in 2020 made major headlines because the infiltration affected all organizations using Orion NMS, including the U.S. Department of Defense and 425 names in the U.S. Fortune 500.
- Cryptojacking: With the rise of cryptocurrency comes a rise in cryptojacking, where malware infects systems used to mine for cryptocurrency. This is a serious threat, as there are billions of potential targets and the steps for payout once a system is successfully hijacked are minimal. Bitcoin is already the preferred currency of dark-web criminals, and its popularity is driving this type of cybercrime.
- Distributed denial-of-service (DDoS) attacks: This type of attack exceeds the capacity limits of the infrastructure of a website and overloads it with requests. The overload prevents the systems from functioning and gives the attacker the opportunity to request payment for stopping the attack. There has been a 2,851% increase in these attacks from 2017 to 2020.
Many of these attacks are likely coordinated by sophisticated, rogue, government-sanctioned organizations — all equally as advanced as the highly trained personnel who fight them. History may yet show that modern society is indeed at war with cybercriminals, and future historians might recall this fight for security as a cyberwar.
Learn more about TAMIU's online MBA in Criminal Justice program.
Have a question or concern about this article? Please contact us.