With 9.32 billion recorded malware attacks in 2017, an 18.4% year-on-year increase since 2016, cyberattacks are quickly becoming the greatest threat to doing business.
Deloitte’s research into the business impacts of cyberattacks reveals that 95% of the costs associated with a cyberattack lie beneath the surface. Things like the increased cost of raising debt and insurance premiums are largely not even considered when you hear about cyberattacks in the news.
So not knowing the true costs of an attack can make it easy for cybersecurity to slide down the list of priorities until it’s too late.
Businesses often fail to see cybersecurity as an investment. Therefore it’s no surprise that in a research study conducted by the Kaspersky Lab only 36% of US adults would choose to be a customer of their employer knowing their ability to keep customer's valuable information secure.
Even small businesses hold valuable information that if it were to get into the wrong hands could be extremely costly.
So it's important to think about the possible motivations of a cyberattack and get into the mindset of a hacker. And to take an audit of the digital assets of the business to prioritise their protection.
According to the Australian Cyber Security Centre (ACSC), the majority of cyberattacks are financially motivated and fall into the categories of identity theft, cyberespionage or cyber vandalism.
So here’s a breakdown of the categories of cyberattacks and what they are after in your business.
Identity theft includes the fraudulent use of another’s name and personal information in order to obtain credit, loans or make purchases.
The most recent and notable example of a cyberattack with the goal of obtaining personal information is the 2017 data breach of the credit monitoring agency, Equifax.
Due to a flaw in a tool to build web applications, over 143 million Americans’ social security numbers, along with names, addresses and drivers’ license numbers were taken.
Whilst this is an extreme example, even small businesses are susceptible to similar cybersecurity risks.
One particular hoax targeted small businesses using phishing emails through malicious PDF files to create new email rules. This allowed the criminals to divert emails with keywords, such as “invoice”, to a separate email address.
They then created a new invoice with the hacked business’s branding and changed the banking details to divert the funds.
Other examples included hacking the email addresses of senior executives and requesting account departments to send transactions to overseas bank accounts owned by the hacker.
Cyberespionage is the kind of hacking done in the movies - illicitly obtaining access to confidential information through the use of computer networks.
The ACSC classifies cyberespionage as “posing the most advanced threat” to businesses, particularly for businesses that are involved in defence contracts or those that are in research and development firms.
The types of material that hackers are after in these instances is IP theft, proposed negotiation positions, client information, and other commercially sensitive information.
Cyber vandalism is much like traditional vandalism - it seeks to do damage just for the sake of it.
In a study of the motivations of hackers who defaced web pages, the second largest category of vandalised websites, only behind moral causes, were “prankster statements.” These were instances where hackers left a sign, such as “hacked by xst” or a note demeaning the system administrator.
Whilst cyber vandalism is less of a threat than traditional cyberattacks it is still an inconvenience better to be avoided.
If you would like to know more about how to secure your business from cyberattacks, download our free eBook - ‘The Ultimate Security Brief For Executives.’