3 Reasons Why Cyber Risk Is Increasing Globally
The exponential growth in devices connected to cyber space has led to not only a potential host of devices to be attacked but also be attacked from. By 2020 there will be an estimated 50 billion devices and over 4 billion people, or half the global population, online.
There are 3 key reasons cyber risk and attacks are increasing globally ....
Reason 1 - Low Barriers to Entry
Many of the tools used by cyber attackers can be obtained free of charge or at a very low cost. In many cases only basic technical knowledge is necessary to undertake a cyber attack from any connected device, in many cases the weaknesses in device being attacked are present even when patches to close them are available.
The UK National Crime Agency’s National Cyber Crime Unit has found that the average age of suspects in cyber crime to be 17 years old. (National Crime Agency)
For the overwhelming majority of attacks [99%] exploiting known vulnerabilities, the patch had been available for months prior to the breach [and 71% >1 year]. (Verizon Data Breech Investigations Report)
Reason 2 - High Impact \ Reward
If the attack is well designed, it may achieve its desired objectives. This can range from intellectual property theft from a company; identity theft of an individual, credit history or credit card fraud, ransom for example for restoration of downed services and in the worst-case loss of life in the event of an attack on a medical device or industrial control system.
There has been an increase in the number of both large and small organisations experiencing successful attacks in 2015. 90% of large organisations reported that they had suffered a security breach, up from 81% in 2014. 74% of small business reported a breach, up from 60% in 2014. The average cost to a large organisation is £1.46m - £3.14m, £75k - £311k is the average cost to a small business.(BIS Breech Survey Report )
Reason 3 - Low Risk of Prosecution
The anonymity and global nature of cyber space means that it is not easy to clearly attribute the attackers originating country let alone the actual real perpetrator or perpetrators. This coupled with a disparate or non-existent legal framework for cyber space makes it the modern equivalent of the “Wild West” or that of the “High Seas” and difficult to prosecute the attacker.
MyDoom is considered to be the most expensive virus in the world and in cyber security history, having caused an estimated financial damage of $38.5 billion. No one has been caught or prosecuted to date.
In 2002 Gary McKinnon was accused of perpetrating the "biggest military computer hack of all time” to which he stated he was merely looking for evidence of a cover-up of UFO activity. After a long and protracted legal battle between the UK and the USA in 2012, 10 years later, the extradition was dropped. In late 2012 the Director of Public Prosecutions announced that McKinnon would not be prosecuted in the United Kingdom, because of the difficulties involved in bringing a case against him when the evidence was in the United States.