One Vulnerability; Devastating Consequences

by Craig Lebrau, December 2nd, 2021
Companies are realizing that one single vulnerability in their system could lead to a devastating cyberattack, and loss of productivity.

A world without the Internet is unimaginable today. To illustrate, it was recorded at the beginning of 2021 that 59.5% of the global population, or 4.66 billion people, have access to the Internet on mobile devices.

Nevertheless, every good thing has a flip side. And as former vice mayor of Beijing with experience in cybersecurity, Lu Wei, said, “(Even as) The Internet is a worldwide platform for sharing information … No country is immune to such global challenges as cybercrime, hacking and invasion of privacy.”

For instance, the largest ever cyberattack on America’s oil infrastructure took place on May 7, 2021, when the Colonial Pipeline was subjected to a ransomware attack. Hackers attacked the company’s computerized management equipment and froze the 5,500-mile pipeline distributing gasoline and jet fuel to the US Southeast, from Texas to New Jersey. Drivers in the region responded to the attack by rushing to fill up their gas tanks, leading to a fuel shortage in the region. The Federal Bureau of Investigation (FBI) helped Colonial Pipeline to pay a ransom of $4.4 million to the hackers, identified as Darkside, to restore the jammed operations.

Shortly afterwards, the U.S. meat processor JBS got hit by a cyberattack, forcing the company to halt operations at its facilities across the country.

Then, in June 2021, the largest ferry service in Massachusetts to the islands of Martha’s Vineyard and Nantucket, the Steamship Authority of Massachusetts, was targeted by a ransomware attack, hampering ferry services, and delaying travel between the islands.

Meanwhile, the FBI, in its most recent annual Internet Crime Report, states that the U.S. endured over $4.2 billion in losses in 2020 due to cybercrime, which was a 20% increase from the losses in 2019. Furthermore, the FBI found that the number of cybercrimes in 2020 increased by 300,000 over 2019. This trend is partly attributed to the significant rise in Internet usage during the pandemic, with the FBI stating that they received “over 28,500 complaints related to COVID-19, with fraudsters targeting both businesses and individuals.” They also noted the top three cyber crimes as being “phishing scams, non-payment/non-delivery scams and extortion.”

Moreover, the most common cybercrime appeared to be phishing, with such activity accounting for 30.5% of all complaints made to the FBI Internet Crime Complaint Center. Phishing is so widespread because of its effectiveness. The perpetrator only has to convince victims that they are on real websites and responding to real emails. Although many people are now becoming more aware of these crimes and are, consequently, more cautious, many are still manipulated by cyber attackers.

Moreover, Microsoft reiterates this point through its comments that cyber criminals “adapt(ed) their tactics to match what was going on in the world” in 2020. Furthermore, according to Microsoft, the intensified pandemic-related cyber attacks were “really a repurposing from known attackers using existing infrastructure and malware with new lures.”

Adding to this view, the Cincinnati Business Courier, during the height of the pandemic in 2020, reported that cyber criminals were exploiting the new remote work concept by engaging in hacks, video hijacks, data breaches and fraud.

Thus, cybersecurity has become a major concern for organizations across the globe. In fact, according to the U.S.-based cybersecurity firm Cybersecurity Ventures, global losses from cyberattacks and the ensuing loss in productivity are expected to double from an annual $3 trillion in 2015 to $6 trillion in 2021.

Companies fear that increasing cybersecurity in operations will impede productivity, but these are merely myths and baseless fears. Besides, companies know only too well that productivity is the secret of success, and a loss in productivity inevitably leads to a dip in revenue. At the same time, a well-secured system that implements enhanced cybersecurity measures will help boost productivity and employee confidence.

It is, in fact, self-evident that if companies boost their cybersecurity, they will have more time to focus on improving customer outreach and on bolstering customers' confidence that the personal details they have given to the companies are safe from hackers. Thus, by promoting strong cybersecurity measures, companies can halt loss of customers, and gain more customers who seek secure opportunities to conduct business.

According to international cybersecurity experts at Menlo Security Inc, one of the most critical issues facing companies that must balance cybersecurity against performance is the capability of a Virtual Private Network (VPN) to handle a company workforce that is completely remote. Until then, VPNs had been handling about 10-15% of the workforce, including contractors. As CTO at Menlo Security, Kowsik Guruswamy, said, “One of the first things that happened was suddenly when everybody went home, those VPN infrastructures started choking. It just wasn't designed and scaled to meet that sort of demand.”

As the pandemic forced lockdowns and remote work, millions of employees in the U.S. were using any computer they could find: old ones, new ones, or work computers brought home. In many of these instances, the computers did not have adequate virus protection and firewalls that met company policy requirements. Furthermore, many people accessed vital on-premises business systems, Software as a Service (SaaS) platforms, and cloud apps on unsecured devices from their home office space, the family dining table, or their children’s rooms.

As it happened, with all employees working remotely, companies had to resort to split tunnelling to ease pressure on the VPN, but this also meant some sensitive information was not adequately secured.

While companies are using different approaches to give secure corporate access to remote workers, they need to rethink VPN and remote access strategy beyond the pandemic. Research indicates that 82% of IT professionals anticipate new compliance rules in the months and years ahead, as many people will choose to work remotely even after the pandemic is through.

As former U.S. President Barack Obama said,

“I’ve been saying for years, we’re gonna have to spend a lot more time on cyber security.”