The WannaCry ransomware example
The impact of a cyberattack can be devastating if you are one of the organisations affected. The recent (May 2017) WannaCry ransomware attack saw organisations as diverse as the National Health Service (NHS) in the UK and international shipping firm FedEx breached, along with computers in 150 countries across the globe.
WannaCry worked by infecting a system and encrypting files on that machine, before forcing the owner to pay the attacker a ransom in Bitcoins to receive the decryption key. Although the panic it caused was widespread, the actual damage caused was relatively low on this occasion, and CNBC revealed that the hackers behind WannaCry have only made $50,000 worth of bitcoin.
The other saving grace was that the data held by organisations was not stolen, arguably a much greater threat than ransomware. Not only is data theft easier to do, with more approaches available to try, but the consequences are also greater. Once data has been stolen, the organisation it was stolen from can never recover complete control of that data again.
Statistics on the serious repercussions for the global economy
But a cyberattack doesn’t just affect the organisations that get hacked; there are serious repercussions for the global economy too, and attacks can cause billions of dollars in damage. The threat is even greater for heavily regulated industries such as health care and financial services (FS). Here are some stats that reveal the scale of the problem:
A major cyberattack may cost the global economy $53 billion
This Lloyd’s of London prediction is based on the rise in the sheer volume and complexity of cyberattacks, and the report it comes from states that a serious cyberattack could cost the global economy as much as a devastating natural disaster.
Unique malware is on the rise
In 2016 Symantec identified 100 new malware families released into the wild, more than triple the amount seen previously. There was also a 36% increase in ransomware attacks worldwide, while instances of stolen identities increased 23%. However, SonicWall CEO Bill Conner believes those figures are actually even higher, stating in a recent interview that in 2016 there were 638 million attacks, compared with 3.8 million in 2015.
Risk from inside the company
While instances of malicious intent from employees remain relatively small, the unauthorised use of third-party software without the knowledge of a firm’s IT department is becoming a major source of malware, and is on the rise. A recent IBM study showed that in FS, 5% of attacks come from malicious insiders, 53% from inadvertent actors (as outlined above) and 42% from outsiders.
IT risk is now a business risk
So a cyberattack undoubtedly has global implications, as well as implications for the individual organisation targeted. While one business cannot legislate for what every other business does (or does not do) to protect itself against attack, there is an element of collective responsibility. If everyone took the threat of cyberattack seriously, then its impact would be significantly reduced.
Part of the problem is that organisations still see cyberattack as an IT risk. Emphatically, it is not. The figures shown above highlight the fact that cyberattack is a business risk and should be treated as such. That’s why we recently launched our new OXIAL IT GRC solution, which integrates IT risks and threats with overall risk and compliance structures.
Any organisation using IT GRC will benefit from a real-time and integrated view of all cyber security threats, guaranteeing a better level of security and performance. It also makes good on an organisation’s collective responsibility to protect the global economy. It’s an approach that makes perfect sense and one that many organisations are looking into.
If you’d like to hear more details about IT GRC then do get in touch with us here.