Are cyber threats genuinely a menace to the average American business or individual? We delved into the data to uncover the truth, and it’s shockingly concerning.

A pivotal aspect of this infographic is the assertion by Keith B. Alexander, the former head of NSA, CSS, and USCC, who describes cyberattacks as “the greatest transfer of wealth in history.” His extensive experience underscores the severity of cyber threats to U.S. businesses. Who better to understand hackers than a U.S. general who led three federal cyberwarfare departments? Considering his perspective, let’s examine the facts that shaped his viewpoint.

Firstly, launching a distributed denial of service (DDoS) attack costs as little as $38 per hour. Therefore, if someone aims to bring down your website for a full workday — or even peak hours — they can do so for less than $400. While this may seem like a substantial amount to some, it’s likely within the reach of most for a one-time expense. The real concern lies in the potential damage they can cause.

Every hour your business is offline due to a cyberattack costs you $40,000 in damages. For hackers paying just $38 per hour, this translates to a staggering $1052.63 in damages for every dollar they invest. This results in an incredible return on investment (ROI) in the most detrimental sense, achievable with little more than an irate individual and the right connections.

Given this, it’s no surprise that cyberattacks cost companies globally $7.7 million annually. With half of the world’s cybercriminals targeting U.S. entities, the annual cost to U.S. companies amounts to $15.4 million. Consequently, the U.S. loses 500,000 jobs annually due to cybercriminal activities.

Annually, the country incurs a loss of $100 billion (or 0.64% of our GDP) solely due to cybercrime.

Two industries are disproportionately affected by cyberattacks:
Financial services
Energy companies
Financial services are frequently targeted due to their inherent wealth. From stolen bank information to hacked ATMs, the direct financial benefit to hackers is undeniable. Hackers, on the other hand, may not directly profit from disrupting a power distributor’s grid or an oil conglomerate’s infrastructure, yet energy companies remain prime targets. In 2014, the U.S. energy industry experienced 79 hacking incidents (of which we are aware), a decrease from 145 in 2013. However, this also indicates that hackers may be becoming more sophisticated in their methods.

Should a hacker develop an innovative new way to infiltrate your system, existing prevention software may not suffice. Unfortunately, hackers are often one step ahead. Trend Micro’s chief cybersecurity officer noted in June 2015 that “the energy sector is woefully unprepared for protecting itself against cyberattacks.” This, coupled with the constant evolution of cyber threats, makes the energy industry an easy target for both new and experienced hackers.

Irrespective of their motivations or skill levels, the fact remains that energy companies are attractive targets for cybercriminals.

On the internet, resources are abundant and accessible. Information is readily available, and communication is just a click away through email, instant messaging, message boards, and various media platforms. This ease and affordability of cyberattacks is a significant contributing factor.

DDoS Attacks

Distributed denial of service (DDoS) attacks are among the most prevalent forms of cyberattacks globally. In 2013, they impacted 60% of all companies, with 87% of those companies experiencing multiple attacks.

DDoS attacks are favored due to their simplicity. All a hacker needs to do is create a script for bots (or gather a group of like-minded individuals) to flood the target’s servers. Once the servers are overwhelmed, the business is unable to operate until they are restored.

However, bandwidth is finite.
If there is a constant influx of visitors attempting to access your site, your servers may not recover until the flood subsides.

Ransomware

Ransomware is a sophisticated cyber threat capable of causing significant harm to both individuals and companies. It involves infecting a computer with malware that encrypts valuable files, demanding payment for decryption. These files could range from personal photographs to customers’ credit card information.

Whether it’s personal or business-related, the situation is dire. Without expert knowledge in cryptography, your options are limited. What’s most concerning about ransomware is its increasing prevalence.

In 2013, there were 8,274 recorded attacks, rising to 373,342 in 2014 — a 45-fold increase. A single ransomware attack could potentially deplete your bank account.

Preventing ransomware requires good online habits, though this isn’t always effective. As hackers become more sophisticated daily, their tactics grow more deceptive.

Spear Phishing

Phishing involves sending emails with attachments or links that infect your computer and steal personal information. Spear phishing is an intensified version of phishing that targets specific individuals by analyzing their email patterns, copying addresses, and sending messages from those addresses. For instance, if your marketing team frequently communicates with your company’s president, a spear phisher would identify this and send a message from that address.

Once the recipient clicks on a link or attachment, their computer (and potentially the company network) becomes infected with malware. This malware could provide a hacker with access to sensitive information, disrupt internal communications, or initiate other forms of attacks.
While this hacking style might sound like a scene from a movie, it’s a very real threat.

In 2014, 83% of all large companies worldwide were targeted by spear phishing, with mining companies being particularly vulnerable, accounting for 44% of all targets. That means nearly one in every 2.7 mining companies was targeted by spear phishing.

In the financial industry, the risk is higher due to the sheer number of institutions, but the mining industry faces a greater risk due to the scarcity of companies within it.

In 2008, a hacker targeted Citibank’s ATM servers, stealing approximately $2 million from the financial institution. While this is a significant amount, it pales in comparison to other historical cyberattacks. For example, in 2009, RBS WorldPay lost 1.5 million payroll account details, resulting in approximately $8.4 million in losses for the company.

One of the most infamous cyberattacks occurred in 2014, when Sony’s movie database was hacked, costing the company about $15 million in damages. Additionally, in 2012, Saudi Aramco was hacked during Ramadan, effectively sending the company back to the 1970s in terms of technology. For weeks following the attack, the world’s most valuable company had to conduct business via faxes, typewriters, and manual methods.

This resulted in an estimated $1 billion in damages, though this figure has not been confirmed or denied by Saudi Aramco. As a company privately owned by the Al Saud royal family, they are not required to disclose such details.

However, not all victims of cyberattacks are large, multinational corporations. Many are small businesses, or companies with fewer than 500 employees. In fact, 71% of cyberattacks target businesses with fewer than 100 employees. Additionally, 95% of all Visa credit card breaches are related to small businesses, and 44% of all small businesses suffered a cyberattack in 2014.
Hackers may target small businesses for various reasons, but their size and limited budgets often make them prime targets. These businesses possess working finances and customers’ personal information, whether it’s individual credit card numbers or sensitive business details. Moreover, small businesses typically lack the advanced security measures of large corporations.

Given their size and income, small businesses have less to lose. While the average cost of a cyberattack on a small business is around $8,700, this is still a substantial amount for a small staff. Depending on the business’s financial health, this could be enough to permanently close the doors.

As hackers continuously innovate and test new attacks, there are certain standard practices you can adopt to protect yourself and your business from cyber threats.

Preparation Before an Attack

Regularly review your finances. This includes bank accounts, credit cards, 401k, and any other financial transactions.
Never open attachments from unknown senders. Even seemingly harmless messages can contain harmful attachments.
Manually enter URLs instead of clicking links. Similar to attachments, links can appear safe while installing malware on your computer. Avoid clicking links sent via email; instead, hover over the link to view the full address and enter it manually if comfortable.
Do not save passwords on your phone or computer. If necessary, write them down by hand and store them in a secure, locked drawer.
Change passwords regularly; a good password’s lifespan is approximately six months. Set calendar reminders to update passwords at least twice a year.
Do not text or IM personal information. Even with encrypted messaging services, there’s always a risk of interception or decryption.
Only use websites with HTTPS security for transactions and information submission. HTTPS indicates that a company or individual has taken essential steps to secure their website, though it doesn’t guarantee complete protection.
Use SSL or HTTPS for your business website. Since you’ll only submit information to HTTPS-protected websites, it’s logical to use HTTPS for your business as well. This demonstrates your commitment to protecting visitors’ valuable information.
Regularly scan your site and computers for malware. While some hackers try to stay ahead, many use methods that have been around for years. Regular scanning can help detect and prevent the majority of cyber threats and malicious software before they cause damage.
Regularly assess your site for vulnerabilities. In addition to malware, check your site’s code, security protocols, and other preventive measures regularly.
Set up an anti-virus or anti-malware program to automatically scan your system throughout the week.
Store digital keys and certificates in a secure, tamper-proof cryptographic data storage container. If you’re concerned about encryption, you can store sensitive information in an offline container; just ensure you create and track backups.

During and After an Attack

In the event of a cyberattack, it’s crucial to respond swiftly and intelligently. These steps can help eliminate any malware, worms, or viruses that have infiltrated your systems beyond repair.
Disconnect your device(s) from the internet.
Perform a full system restore.
Reinstall all protection software.
Update all protection software.
Contact all necessary entities to ensure your information is secure.
Once these steps are completed, you can focus on understanding how the attack occurred and take measures to prevent future incidents.

Cyberattacks pose a real threat to anyone, regardless of their online behavior or profession. One of the best ways to safeguard yourself and your business is to share this information with others.