In The Global Risks Report 2021 of the World Economic Forum, cybersecurity failure ranked fourth among the clear and present worldwide dangers within the next two years. The study was from September 8 to October 23, 2020, among the Forum’s international multistakeholder communities, Institute of Risk Management members, and professional networks of its Advisory Board, covering thought leaders, civil society, governments, and businesses.
Cyberattacks in the U.S.
True enough, on May 7, 2021, a cyberattack on Colonial Pipeline, the top fuel pipeline operator in the United States, used ransomware, prompting the company to shut down operations in its entire network. Ransomware is a kind of malware that encrypts data, locking down systems, and demands payment from the targeted company to regain access.
The attack on Colonial Pipeline is among the most disruptive of its kind reported and highlighted the country’s energy infrastructure vulnerability to cyberhackers. The company supplies fuel to almost half of the U.S. East Coast, including some of the country’s largest airports. A prolonged shutdown can also cause gasoline prices to soar, with dire effects on the economy.
It is not the only attack on the U.S., though. The Center for Strategic & International Studies (CSIS) reports on various attacks worldwide from 2020 to 2021. Among them are various instances targeting the U.S. For instance, according to U.S. officials, there was a surge of cyberattacks against the U.S. Department of Health and Human Services, pharmaceutical manufacturers, and healthcare providers in April 2020.
In September 2020, five hackers faced indictment from the U.S. Department of Justice for attacking over 100 organizations in government, academe, social media, IT, and other sectors. Three hackers faced indictment for attacks against aerospace and satellite technology companies and international government organizations. A ransomware attack against Universal Health Systems, a U.S. firm, resulted in hospitals reverting to manual backups, rescheduling surgeries, and diversion of ambulances.
In October 2020, the FBI and Cybersecurity and Infrastructure Security Agency (CISA) stated that hackers breached and exfiltrated data from U.S. state and local government networks and aviation networks. In December 2020, many US government agencies were among more than 200 organizations worldwide breached by hackers by compromising SolarWinds software providers, monitoring internal operations, and exfiltrating data. In the same month, hackers attacked Facebook twice, compromising account data.
In February 2021, three hackers faced indictment by the US Department of Justice for stealing and extorting over $1.3 billion in cash and cryptocurrencies. In March 2021, hackers attacked Microsoft’s enterprise email software, stealing data from more than 30,000 organizations globally, including governments, policy think tanks, defense contractors, law firms, and infectious disease researchers. These are only some of many more cyberattacks against U.S. entities.
Impact of Cyberattacks on Businesses
Businesses fuel the economy. Bank of America CEO Brian Moynihan told The Hill that in the U.S., 95 percent of businesses employ fewer than 100 personnel, and 80 percent employ fewer than 10. These small to medium businesses comprise the majority. Unfortunately, they are also often targeted by hackers. If they fall, so will the economy.
According to Expert Insights, a business with less than 500 employees loses an average of $2.5 million in a cyberattack. If the company falls under certain regulations like the European Union’s (EU) General Data Protection Regulation (GDPR), which covers even companies outside the EU that collects personal data from its people, it can face penalties for endangering personal data. Fines are hefty and can reach up to €20 million, or four percent of the company’s global annual revenue from the previous financial year, whichever is higher.
The 2020 SMB IT Security Report by Untangle surveyed 500 small to medium businesses, and 32 percent stated that budget constraints represent their main hindrance to cybersecurity. Only eight percent of these companies allotted $5,000 to $10,000 of their annual budget for IT security, while 39 percent allotted less than $1,000. This is hardly enough to provide adequate cybersecurity measures.
Most companies rely on the security provided by Microsoft or Google. Yet, if hackers can attack Microsoft’s enterprise email software, then businesses using it are also vulnerable. Google is also not failsafe. In December 2020, Google had a widespread outage of about an hour, affecting Google services including Google Docs, Gmail, Google Assistant, and YouTube.
Companies must use Google and Microsoft 365 data protection for business continuity and disaster recovery. On top of this, companies must either employ their own IT security experts or hire professional cybersecurity services for protection.
You Need to be Cybersafe
Whether you are a government, a company, or an individual, cybersecurity protection is necessary and non-negotiable. As most people are still working from home, individuals connecting remotely for work represent the weakest link in security. Public and private organizations must install adequate safeguards to cover this gap in defenses.
The security of governments and companies hinges on the cybersecurity awareness and compliance of individuals who work there. It is, thus, the obligation of individuals to strictly adhere to digital security guidelines and regulations.