Cyberattacks: What They Are and What to Do About Them
Jason Coyne, SR&ED Technical Writer specializing in technology, science, and safety.
To mark this October’s Cybersecurity Month, we are providing a short guide to cybersecurity and cyberattacks. But, of course, every month is cybersecurity month. It is important to remain vigilant about protecting your systems and information.
What is a “cyberattack”, anyway?
The US government’s Computer Security Resource Center (CSRC) defines a cyberattack as “[a]ny kind of malicious activity that attempts to collect, disrupt, deny, degrade, or destroy information system resources or the information itself”. There are countless varieties of cyberattacks, but two types stand out for their prevalence and impact on business: ransomware attacks and data breaches.
A ransomware attack occurs when a digital intruder prevents access to an organization’s computer systems, typically by encrypting them; the intruder then demands a ransom from the organization before restoring access. Organizations targeted by high-profile ransomware attacks include the UK’s National Health Service, an American fuel pipeline, and the Toronto Transit Commission.
A data breach is more self-explanatory: an intruder breaks into an organization’s network and steals a large quantity of sensitive data, usually with the intent of selling it to identity thieves or threatening to release it publicly (unless, of course, the victim pays a large sum to the perpetrator).
It’s important to note that these two types of attacks aren’t mutually exclusive; indeed, nearly half of all ransomware attacks now include an element of data theft. Similarly, these aren’t the only risks posed by cybercriminal activity – incidents involving the theft of proprietary data and even industrial sabotage have occurred.
A recent study by the Canadian law firm Blakes highlights the issues. In a disturbing trend, they found that the volume of cyberattacks significantly increased in 2021; ransom amounts also rose, with a quarter of victimized organizations reporting ransom payouts of over US$1 million. These costs can be further compounded by the disruption of normal business and by any collateral damage to IT infrastructure caused by the intruder.
Unfortunately, the immediate consequences of a cyberattack aren’t the only headaches for targeted organizations.
Liability and Insurance
An underappreciated aspect of cybercrime is the indirect costs due to legal liability, regulatory compliance, and cyberattack insurance. Legal liability often arises when sensitive data, such as customer details or financial information, is compromised by a cybercriminal. Cognizant of the harm these breaches can cause to ordinary citizens, governments have begun to institute laws and regulations requiring that organizations report any breach of private information. Failure to comply with these reporting requirements can result in significant penalties.
In order to attenuate the financial risks of cybercrime, companies can obtain cyberattack insurance. These policies can cover a wide array of associated costs, such as legal claims, business interruptions, or infrastructure repair. However, general payroll is not usually covered, so labour must be done by an outside party or as overtime to qualify. Additionally, coverage for infrastructure repair typically doesn’t permit system upgrades, though, depending on the circumstances, some improvements may be covered.
Cyberattack insurance premiums can be expensive. A recent study of insurance costs in the US found that the average premium for a business with US$1 million in revenue was US$1,589/year in 2021 and that the average rate increased by about 25% in 2022.
As the danger of cyberattacks has increased and insurance premiums have skyrocketed, many companies are now wondering what they can do to mitigate their risks.
What makes a good cybersecurity strategy
The keystone of any effective cybersecurity strategy is awareness. This is a multifaceted, and admittedly vague, concept. At its core, awareness entails maintaining an understanding of the contours of the cyber threat landscape. It’s important for any company to recognize the weak points in its IT infrastructure. This can mean performing internal system audits or hiring outside cybersecurity consultants and services. Awareness also requires understanding any domain-specific considerations. For example, companies in the financial services sector face unique threats and must design their cybersecurity strategies accordingly.
Of course, awareness is meaningless without turning that knowledge into preparation. This comprises all the proactive steps taken to maintain and improve cybersecurity. The details will vary, depending on individual circumstances, but here are a few generally applicable suggestions:
- Use strong passwords, and never store passwords as raw text! They should be stored only as hashes produced by a cryptographically secure hash function.
- Similarly, institute policies requiring that passwords expire and cannot be re-used.
- Make sure security updates are promptly installed.
- Use spam filters for company email accounts – most phishing attempts begin with spam.
- Enable multi-factor authentication (MFA) for user logins.
- Limit account access levels to only what’s necessary – a compromised account with administrator privileges is a hacker’s dream.
- Train employees to spot and avoid phishing attempts or other means of credential theft.
Finally, it’s never possible to be completely “cyber-proof” – some attacks will inevitably succeed. That’s why remediation is a critical component of cybersecurity strategy. Any remediation effort must begin by assessing the damage. This step will inform further efforts, so it’s crucial to have a plan for thoroughly investigating the impact: whether any data was stolen, and, if so, the nature of that data; any ongoing impairments to operational capacity; and, most importantly, whether any traces of malware remain. With an assessment plan in place, a company can begin formulating a strategy for more concrete steps. This can include having a plan for restoring data from backups or creating media for quick reprovisioning of software packages. Any backups should be kept isolated from the main infrastructure to ensure that they aren’t compromised as well.