PAYDAY FOR HACKERS

THE COST OF CYBERCRIME

The cost of cybercrime is no joke and 2021 was evidence of this fact. In the UK alone, IT Governance discovered 1,243 security incidents in 2021, which accounted for 5,126,930,507 breached records. This reflected an 11% increase in security incidents compared to 2020. But what about the cost of cybercrime in money terms? Here are some alarming statistics relating to only 10 cyber incidents in 2021:

  • More than $600 million in cash was stolen or taken in ransom
  • The IT of 40,000 businesses was put at risk
  • 10s of millions of people had their personal records stolen
  • 1 billion airline passenger details were compromised

And this is an eye-opener – most of these incidents involved large companies that prioritize cybersecurity and claim to have robust security policies and strategies. Nevertheless, hackers were able to infiltrate these sophisticated defence systems and cause IT chaos. Even more of a wake-up call is that some of the most damaging attacks were experienced by the likes of Microsoft, Kaseya and SITA, organizations whose products and services feed directly into the systems of third parties. Isaac Guasch, a cybersecurity specialist at the international insurance group Tokio Marine HCC, said:

“Even if you are confident that your cyber security measures are up to date, those of your partners may not be, so you may need to constantly redefine your perimeter.”

THE BIG BOYS

These are 5 of the 10 companies that witnessed the true cost of cybercrime in 2021 and that had to cope with the aftermath of the attack:

  • In March, global IT provider Microsoft Exchange observed active exploitation of vulnerabilities in its Microsoft Exchange Server products.
  • Also in March, SITA, which provides IT and telecoms services to around 2500+ customers, 1000+ airports and claims to serve around 90% of all international destinations, was the victim of a cyberattack, leading to a data security incident involving passenger data that was stored on SITA Passenger Service System (US) Inc. servers. About 1 billion passengers use SITA boarding services every year.
  • On 7th May 2021, America’s largest refined oil products pipeline, Colonial Pipeline, went offline after a hacking group called Darkside infiltrated it with ransomware. The pipeline operator said it paid the hackers $4.4 million in cryptocurrency. In the days following the attack, the average price of a gallon of petrol in the US increased to more than $3 for the first time in seven years as drivers flocked to the pumps.
  • Kaseya is a Managed Service Provider (MSP) that provides IT solutions to more than 40,000 companies worldwide. They use and provide VSA software, a unified remote monitoring and patch management tool for handling networks and endpoints. In July, the company’s response team reported a potential security incident involving this software which would potentially affect Kaseya’s MSP customers and by extension the customers served by those MSPs. 1,500 organizations were paralyzed by the attack with the Russia-based ransomware group, REvil, demanding $70 million in ransom in exchange for a decryption key.
  • On 10 August 2021, Poly Network, a decentralized finance (DeFi) crypto platform that facilitates peer-to-peer transactions, suffered an anonymous attack in which over $610 million in cryptocurrencies was stolen. This single incident highlights the enormity of the cost of cybercrime.

THE OTHER FIVE

Here are the other 5 companies that were subjected to the wrath and cost of cybercrime.

  • Pichincha, Ecuador’s largest private bank, suffered a cyberattack that disrupted operations and took its ATM and online banking portal offline for a week.
  • RENAPER is Argentina’s National Registry of Persons and in October 2021, the records of 45 million Argentinian citizens were potentially stolen – that’s the entire population.
  • Log4j is present in millions of in-house and market software solutions and widely used in countless app components. In December 2021, a zero-day vulnerability known as Log4Shell was disclosed. The extent and cost of this example of cybercrime remain unknown.
  • In November 2021, the hacking group Belarusian Cyber-Partisans claimed to have accessed the full database of those crossing the country’s borders. The police database was also infiltrated.
  • In March 2021, Volkswagen USA suffered a data breach that impacted more than 3.3 million customers from the United States and Canada, including information gathered for sales and marketing purposes from 2014 to 2019.

Hackers don’t seem to care which industry sector they target. Xavier Marguinaud, Head of Cyber at Tokio Marine HCC, said:

“It’s clear that organizations of all shapes and sizes need to understand that wherever they are and whatever they are engaged in, their business is at risk.”

NEVER PAY UP AND NEVER GIVE UP

The cost of cybercrime can be insurmountable, especially for smaller businesses. Besides causing complete IT chaos and costing you a lot of time and money, a cyberattack can also inflict so much reputational damage that you might not bounce back. But you don’t need to pay the price or be a victim of cybercrime. I love IT and I love what IT can do for people. Data thieves and hackers need to be stopped in their tracks and I can do that for you. As a provider of professional business IT, I have more than 20 years in the field, specializing in cybersecurity and risk mitigation. Contact me today and let’s wage a war on cybercrime. Together we will win.
