Cybersecurity and its role

Information security in its evolution has resulted in cybersecurity. Cybersecurity is responsible for ensuring the protection of the personal data of individuals, the Internet of Things, and information that circulates within corporate networks. Loss or disclosure of information as a result of theft or leakage will inevitably result in losses, and, worst of all, in reputational risks.

There are external and internal threats to valuable information. Internal threats are caused by the employees of the company themselves. External threats are an intrusion into the company's information perimeter, protected from outsiders.

Here are some examples of data breaches that have occurred over the past 10 years:

1. The WannaCry ransomware cyber attack took place in 2017. It attacked various devices around the world, in more than 150 countries, by encrypting data and demanding ransom for its decryption. In Russia, the cryptoworm attacked the systems of such companies as Megafon, VimpelCom, the Ministry of Internal Affairs, and others. Economic losses from the cyber attack amounted to more than US$1 billion.
   
2. In June 2017, another ransomware called Petya attacked systems owned by Bashneft, Rosneft and other Russian companies.
3. The Bad Rabbit ransomware, which appeared in October 2017, targeted the media of Russia, Turkey, Ukraine and Germany. Among domestic companies, Novaya Gazeta, Interfax and Fontanka were affected.
   
4. The 2019 data breach led to the leakage of the username/password pairs of 773 million users of email services into open access. Due to the hacking of the Rosobrnadzor website, information about more than 14 million students was leaked.
5. May 2019 was marked by the loss of data confidentiality for 900 thousand customers of Home Credit Bank, Alfa-Bank, OTP Bank.

Every year we observe global data leaks, which open up access to confidential information of millions of people and companies. Thus, in February 2021, it became known to the whole world that the login data of 3.2 billion users of Gmail, Hotmail and other mail services had leaked to the network. This caused a public outcry.

The security systems of companies like GitHub, YouTube, Skype, BitTorrent, WhatsApp and many others are constantly being hacked. Data leaks occur not only in financial institutions, government agencies and private companies, but also in the seemingly more protected military services. Thus, hackers periodically break into the systems of the FBI, CIA and defence ministries of various countries. The European Parliament, the International Olympic Committee, and the People's Bank of China are also listed among the victims.

Illegal data acquisition methods extend beyond online sources. Insiders and hackers also capture video and audio messages, communication channels, text messages, paper and electronic media, photographs and other sources of information. Even the trash cans of companies can be used by criminals as a source of valuable information. Theft and loss of gadgets - laptops, smartphones, tablets, etc. - has become a common problem.

An online survey of top managers of companies, conducted from July 6 to August 24, 2021, showed that cyber threats are a real problem for most companies. Of the 600 CEOs who are the top management of companies with revenues of more than $ 500 billion, 69% said that cyber attacks increased significantly over the past year (from the second half of 2020 to May 2021). 72% of respondents told about the committed cyber attacks, and last year alone, there were from 1 to 10 such cases. 19% of such cyber incidents resulted in a drop in stock prices on the stock exchange. In 22% of cases, theft of intellectual property took place or almost occurred.

What is the most valuable data?

It is known that on the Darknet anyone can purchase any amount of personal and confidential data, including:

• actual logins and passwords of administrators of all kinds of resources;
• information allowing access to finance and bank accounts;
• information about the personal life of users, corporate secrets and more.

Most valued is the account data of the owners of domains, sites, and other network resources. Many Internet entrepreneurs face the problem of losing access to their own Internet resource and then have to pay scammers for the opportunity to regain administrator rights on their website, or for returning a product or a customer database.

Even for the thieves themselves, such data may cost a round sum of money. Some of the data "useful" for them may be gone to the highest bidder for 100 and even 500 thousand US dollars.

User data for accessing file sharing sites costs about $ 1-2 per pair (login and password). Such data is sold by the dozen. Selling access to social media is also popular. Using such data, a cybercriminal can take out loans or register fictitious businesses.

The value indicator is unstable and changes quite often. Moreover, the first sales of data are more expensive; when resold, its price can drop significantly. Some short-sighted users may give secret information to hackers who call under the guise of a bank employee or a survey taker. Another important mistake is using the same login information for social networks, mail, messengers, etc.

Healthcare data security

Healthcare data of patients is becoming increasingly popular. According to a study by Kaspersky Lab, in 2019 and 2020, people's medical information has become more valuable than financial and banking information.

Data obtained from databases of hospitals, clinics, testing centers, etc., can be used to blackmail relatives and the patients themselves. The actions of criminals can lead to distortions in medical records, misdiagnoses, and, accordingly, incorrect treatment.

The Abbot Company, which manufactures and sells hundreds of thousands of medical devices around the world, was forced to improve and update the software on 465 thousand cardiostimulants in 2017. Having gained access to them, the hacker was able to change the heart rate of the patients. MRI, X-ray machines, mechanical ventilation, medical research systems and other equipment are also at risk.

Cyberthreats statistics by Kaspersky Lab

According to statistics, 91% of cyber threats come from corrupted employees, another 8% are committed by intermediaries, and only 1% by hackers. Moreover, hacking a username and password usually takes not minutes, as shown in the films, but several hours. Typically, when creating a login and password, users use personal data such as dates and names.

In September 2021, Kaspersky Lab published a list of the most frequently used methods of corporate cyber attacks. The first place was occupied by password guessing (brute force method), which was used in 32% of cases. For comparison, in 2020 this figure was 13%.

The second popular technique is exploiting company vulnerabilities. It accounts for 31,5% of cyber attacks committed in 2020. Cybercriminals take advantage of known, but unresolved, gaps in corporate information security. According to Kaspersky team, these include CVE-2017-0144, CVE-2019-11510, and CVE-2018-8453.

More than 50% of incidents were discovered by IT security specialists in the early days (55%). In the first hours, 18% of attacks were detected. Some of the attacks lasted longer than 90 days.

The largest number of affected companies were registered and operated in the territory of the CIS countries. Globally, theft of money here accounted for 67% of cases, and the loss of important data - 57% of cases. In 22% of cases, password-guessing programs were used.

Kaspersky Lab on how to solve this problem:

• increasing the degree of password strength (multifactor authentication, identification and access control system);
• regular updates from official software providers;
• scanning the network to identify vulnerabilities and timely fix the detected problems;
• regular training of employees on the basics of cybersecurity.

Statistics from CISA and other companies

In July 2021, the CISA (Cybersecurity and Infrastructure Security Agency), responsible for cybersecurity and the infrastructure security of the US, published a report on its research. It included the most common risks and vulnerabilities identified at the end of 2020.

According to the report, the most frequently used method was obtaining phishing links (49% of incidents). Attacks on vulnerabilities in applications accounted for 11,8%. Fake attachments took the third place, accounting for 9,8% of cyber attacks.

According to the Positive Technologies, in 2020, there was a record number of attacks on industrial enterprises. Compared to 2019, the number of incidents increased by 91%. The company’s press center also reported that malware was used 54% more often than in the previous year. Medical institutions were the most attacked by the codebreakers.

According to the Trendo Micro data from February 2021, in 2020, on average, 119 thousand cyber threats were identified every minute by its products. Remote employees and network infrastructure were the most attacked. In total, the number of cybersecurity threats increased by 20% and exceeded 62.6 billion cases.

Home networks have also experienced a large number of cyber attacks. Using them, crackers tried to gain access to corporate resources. They also hacked IoT devices to create a botnet.

As cybercriminals are on the rise, business owners need to prioritize and focus more on cybersecurity in order to mitigate risks. The increased threat and the synthesis of technological knowledge have led to the increasingly larger role of employees responsible for information security. The events of 2020 resulted in the fact that in the US, the number of information security directors at the beginning of 2021 increased by 10%. Technology is advancing rapidly, so it can be concluded that the importance of cybersecurity will strengthen accordingly.