The severity of cyber attacks has increased at a rapid pace over the past several years. No longer is it just large companies that need to secure themselves from malicious actors; individual users now must consider how they can protect themselves too.
First Published 27th July 2018
The more we become digital, the more we have to lose.
4 min read | Reflare Research Team
Over the past few years, we have seen a sharp uptick in both the severity of cyber attacks and the public’s awareness of them. This trend is likely to continue for the foreseeable future. In this briefing, we will take a look at why attacks are getting more severe and what organizations can do to protect themselves.
Why are attacks getting more severe? There are multiple factors flowing into this development. Let’s look at them one by one.
Cost-Effectivity
As we have noted in previous briefings, cyber-attacks are surprisingly cost-effective. Basic teams can be assembled for virtually no cost. From a state actor's prospective, even very complex attacks, dedicated staff, long-term research and buying vulnerability information on the black market will cost less than a single intercontinental missile. The economics play out similarly for non-state actors. Cyber attacks allow those interested in doing so to inflict significant damage for a relatively low cost.
Deniability
Unlike most other kinds of attacks, cyber attacks provide excellent deniability. The current US debate around if and how deeply Russia was involved in the 2016 attacks against the DNC is an example of this. Deniability reduces the cost to be paid as a consequence of an attack and thus makes the attack more attractive.
More digital assets
As more and more value is stored in digital assets, the payoff attackers can hope to gain from cyber attacks increases. This is true both for those seeking to deal maximum damage and for those seeking to extract maximum value through theft or misappropriation.
Experience
While cyber-attacks were largely a tool of small criminal or ideological groups a decade ago, the past 5 years have seen major state actors push into the digital field. As state actors gain experience with the new weapon in their arsenal, they become more and more likely to use it.
The evolution for each of these factors above is poised to trend in favour of attackers over the coming years. Easy availability of information and the decentralization of the internet will lead to increased cost-effectivity and deniability while digitalization will continue to increase the number of assets held in a digital form. State actors are building on their current experience for new attacks that will in turn lead to more experience.
Therefore, we predict that the severity and frequency of cyber attacks will increase for the coming decade.
How organizations can protect themselves
Most organizations - from small private companies to large governments - will feel the effects of the increase in cyber attacks. Those most at risk fall into three distinct categories.
Monetary value such as banks, payment processors and companies dealing in cryptocurrencies.
Political value such as political parties or organizations linked to political power as well as organizations dealing with public infrastructure and utilities.
Moral value such as organizations with a long history, or links to issues with a moral dimension such as social movements or religion.
While these organizations are most at risk, any organization may be targeted either directly or in order to gain access to a larger target.
While incident response capabilities are important, preparedness plays an equally large part in corporate cyber security. While the steps to increase security and compliance can be expensive, the cost of inaction is significantly higher when seen over an extended time span.
Summary
While no actions can make an organization absolutely secure, strong policy, regular auditing and well-trained and motivated staff can drastically increase the cost of attack and subsequently keep attackers at bay for longer.
We predict that the severity and frequency of cyber attacks will continue to increase for the foreseeable future due to a number of interlinked factors. Some organizations will face a higher risk than others, but all organizations are advised to increase their security through policy, auditing and staff development.