With October being the month of Cybersecurity Awareness, here is a brief on the latest, most damaging, and most common cyber attacks of the century, along with a few tips to help you stay safe and secure while online.
The Number 1 Cause of Cyber Attacks: Negligence
Negligence is the foremost cause of cyber attacks. According to Willis Towers Watson, a global risk management insurance and advisory company, 66% of security breaches are the result of employee negligence. [1] In another study by IBM’s X-Force Intelligence Index, more than 75% of compromised records are from inadvertent insiders – employees who leave entry points for the intruders. [2] External attackers exploit internal users in the form of social engineering and comprise the sensitive data of your organization.
Negligence is also commonly called a ‘human error’. There are three types of human-based errors that can compromise sensitive data:
- Knowledge-based behavior – The employee deals the situation without any predefined rules, based on their knowledge.
- Skill-based behavior – The employee reacts to the situation instantaneously and performs based on their acquired skills.
- Rule-based behavior – The employee is guided to perform familiar actions as it is a known situation.
The Largest Cyber Attacks of the Century
Bloomberg News analyzed the data of over 200 corporate, government, and non-profit organizations and found that:
The largest cyber attacks of the century are –
<td”>2014500 million
| Name of the Organization | Year | Records Compromised (approx.) |
| Yahoo! | 2014 | 500 million |
| Marriott International | 2014 | 383 million |
| Yahoo! | Aug-13 | 3.0 billion |
| Target | Nov-13 | 110 million |
| Friend Finder Networks | Oct-16 | 412 million |
| Equifax | May-17 | 148 million |
| My Fitness Pal | Feb-18 | 144 million |
| Quora | Nov-18 | 100 million |
| Dubsmash | Dec-18 | 161 million |
Do You Know What the Most Common Type of Cyber Attack of 2019 Is?
Phishing. It is a form of social engineering where a cybercriminal influences the user to click on malicious links or downloads an infected attachment or share confidential information.
According to Verizon’s Data Breach Investigation Report 2019, phishing contributes 32% of all data breaches. [5] The Proofpoint’s report on Phishing analyzed that 83% of respondents experienced a phishing attack. [6]
Common types of phishing attacks –
- Vishing: A type of cyber attack conducted over the phone.
- Smishing: The attacker sends a malicious link through SMSs to gain access to the data on the phone.
- Spear phishing: The attacker targets a specific victim in a systematic manner for financial gain.
These Industries are the Most Susceptible to Cyber Attacks
Industries that are working closely with the personal information of individuals are more susceptible to cyber attacks. Industries most vulnerable to cyber attacks –
Healthcare
Healthcare industry is rapidly shifting online by introducing services like online consultations, expert advice, doctors’ details, etc. In the last few years, healthcare has been marked as the go-to industry for cybercriminals. FortiGuard Labs reported that the healthcare industry has experienced an average of 32k intrusion attacks per day. [8]
Financial Institutions and Banks
After migrating their data to the cloud server, financial institutions have become more vulnerable to cyber attacks. The industry is an obvious target since as it has the data of many users stored with them. The NCC Group on global cybersecurity and risk mitigation has observed that there is almost a 400% rise in the number of security vulnerabilities in the finance industry! [7] The introduction of various channels of banking like internet banking, app banking, phone banking, etc. have created multiple entry points for cyber attackers.
The Invisible Cyber Threats from Social Media
Social media is a major trap for cybercriminals. Any post that comes online can be viewed by millions across the globe. Initially, you may not see the security of your social accounts to be as important as that of your bank account but, remember, your personal data, including your family details are at stake. Your personal details like date of birth, native place, working place, phone number, and other security question hints can easily be exploited. Your purchasing history on social media or financial transactions may also be breached.
Know What You are Sharing
When you open an account on a social media website, you are often asked to share details of your school, college, qualification, job, experience, etc. Giving your personal data while signing up social media account is not the end of your privacy. The website goes beyond the details provided and tracks your IP address too!
Are You a Victim of a Cyber Attack?
If your reply is ‘yes,’ then it is not that surprising. With so much dependence on digital processing, any data online is susceptible to being breached. ,
The truth about cyber attacks –
- 92% of malware delivery takes place by email.
- The average cost of each record lost in a data breach is $148.
- By 2021, the ransomware attacks are expected to target businesses in every 11 seconds. Currently, in 2019 it is 14 seconds. [4]
- The U.S. will witness an estimated 33 billion of stealing records by 2023.
To avoid being a victim of a cyber attack, practice the following tips:
- Monitor your credit card statement.
- Never share your password or one-time-password to outsiders.
- Avoid using easy passwords. Use long phrases that are unique and hard to guess, as passwords.
- Regularly change your password.
- Multiple verification is another way to secure access to your accounts.
| Stay tuned for more updates on the latest in the cybersecurity industry, as EC-Council University celebrates the National Month of Cybersecurity Awareness! |
EC-Council University is dedicated to creating superior educational programs in the discipline of cybersecurity. The programs will equip graduates with the knowledge to assess the latest IT security risks and expert skills to handle them successfully. The university offers Bachelor and Master programs at the degree level. The Bachelor of Science in Cybersecurity (BSCS) gives required exposure, builds cybersecurity skills, and develops leadership abilities that help any candidate to grow as a cybersecurity professional. Master of Science in Cybersecurity (MSCS) makes you an expert in desired skills and helps you in gaining domain knowledge to stand ahead in the competition.
ECCU is accredited by the Distance Education Accrediting Commission (DEAC) which is a recognized accrediting agency by the U.S. Department of Education and is also an acknowledged member of the Council for Higher Education Accreditation (CHEA).
ECCU has industry practitioners as faculty members who also serve as mentors for the students when they aspire to get into cybersecurity. The iLabs facility from the university helps in gaining hands-on practice to the students.
Source:
- https://www.insurancejournal.com/news/national/2017/03/01/443270.htm
- https://www.cygnussystems.com/three-ways-your-employees-will-invite-hackers-into-your-network/
- https://www.bloomberg.com/graphics/corporate-hacks-cyber-attacks/
- https://www.techadvisory.org/2019/09/no-ransom-a-place-for-free-decryption-2/
- https://enterprise.verizon.com/resources/reports/dbir/
- https://www.wombatsecurity.com/state-of-the-phish
- https://www.nccgroup.trust/uk/about-us/newsroom-and-events/press-releases/2017/september/security-vulnerabilities-in-the-finance-sector-increase-by-over-400-since-2013/
- https://www.csoonline.com/article/3260191/security/healthcare-experiences-twice-the-number-of-cyber-attacks-as-other-industries.html
