“Ladies and Gentleman, First Lady Nude Photos” read the email that was to include a link to photos of France’s then first lady. What was not articulated was that the email was loaded with malicious code. Most of us would recognize the suspicious nature of such an email and simply delete it; however, this cannot be said for a handful of delegates that opted to open the email at the 2011 G20 Summit. The malicious code was capable of infiltrating the devices of a G20 delegate and gaining access to sensitive information.
The new reality is that we live in and depend on the online world. Cisco estimates that the number of internet connected devices will double from 25 billion today to 50 billion by 2020 (think smart phones, smart watches, household appliances etc.) – if this holds true then there will be 6.5x the number of connected devices to the global population. This is astonishing! This increased connectivity will no doubt result in increased work productivity, efficiency and a huge amount of new data. Access to this new data has been fueled by the cloud, which allows us to store all of our data in one place and can be accessed from anywhere with an internet connection.
Unfortunately, with all fairy tales comes the villain; in this case cyber attackers. These cyber attackers are breaching the connected devices to extract information that they can then use or sell to third parties. This information could be anything from your social security number to your Uber account. On the dark web – a heavily encrypted part of the internet known for hosting illegal activity – a SIN number may fetch $4 while an Uber account is typically sold for $1.15. These criminal acts come at a time when we are still in the very early stages of connectivity and fully appreciating both the potential opportunities and ramifications. As a result, many enterprises, governments and individuals have yet to build out adequate barriers to defend against such attacks. This poses a significant risk to not only the continued roll out of connectivity and smart devices but also to the economy.
So what is cybersecurity? Cybersecurity is the protection of information and electronic data against unauthorized users. Threats can take the form of email spam, viruses, worms and so forth. Viruses are software programs or code, loaded onto a computer without consent of the user and are designed to spread from one computer to another with the sole intention of interfering with a computer’s operations. Please refer to our glossary at the end of this blog post for a list of common internet threats.
Let’s take a look at some examples to illustrate the severity and extent of cybersecurity attacks and internet threats that exist today:
A major bank will receive a thousand fake emails for every one legitimate email.
One breach can cost a company millions of dollars, not to mention their reputation. Juniper research estimates that the annual global cost of cybercrime to businesses will be as much as $2.1 trillion by 2019…that’s trillion with a “t.”
Remember the largest retail hack in history where an installed malware in Target’s security and payments system resulted in 40 million credit card numbers being stolen?
3D printing technology is at risk with hackers manipulating files and providing incorrect information to the printers resulting in defects or alterations in the printed products.
97% of Fortune 500 companies acknowledge that they have been hacked. The other 3% probably just don’t know yet that they have been hacked.
Owners of the popular digital currency Bitcoin, recently learned that hackers were able to steal $68 million worth of bitcoin from the popular online exchange Bitfinex. As a result everyone who held Bitcoins online at this exchange will lose 36% of their holdings as part of a shared loss.
The preceding examples are all instances affecting enterprises; however, individuals too are very vulnerable. Just take a moment and reflect on the information that you have made available online without full comprehension of where this information is actually going or being stored. Did you update your Facebook status? Upload photos from your weekend to Instagram? Adjust the temperature of your smart thermostat? What is your heart rate according to your Fitbit? In almost all cases this data is stored, tracked and analyzed. This is a gold mine for companies in better understanding human emotions and decision making processes. What users are often naïve to is what if this personal information fell into the hands of a criminal? The criminal now has access to your whereabouts, heart rate and essentially your state of mind. Your emotions have essentially been hacked. Talk about a huge threat and cyber weapon – that is, the ability to steal someone’s emotional data and use it to manipulate them. Wouldn’t you be less inclined to visit the doctor due to fear that your health records may be made public?
Is it too naïve to still believe in a secure society? Let’s hope not, but the fact that one in six Americans feels that someone is constantly trying to harm them online is not an encouraging statistic. If there is a lack of trust online no one will divulge personal or financial information. Tasks such as online banking and online shopping will be a thing of the past as we revert back to historical, less efficient ways of conducting our lives. The internet brought with it a new level of productivity that the world had never seen before. There is still enormous potential for the internet to boost growth and we can’t let the negatives outweigh the tremendous positives.
We are living in a very exciting time with technological advancements exceeding our wildest dreams. However, as these advancements are still relatively new to us our ability to fully protect ourselves remains immature. Luckily, there are many companies involved and advancements are taking place to help mitigate the threats of cyber attacks. Surely, these developments will only continue to improve. More than 100 countries have established some type of cyber military unit to fight cyber attacks. However, individuals shouldn’t solely rely on governments to provide protection. Cybersecurity awareness should become common knowledge and not left to just the IT departments. After all, cyber attacks are usually a result of human error so it is crucial that individuals exercise a certain degree of caution and skepticism.
Maybe the only way to truly be secure now is to dust off the type writer…just kidding
The Summerhill Team
Glossary of popular cybersecurity threats:
Virus: infect computers by replicating themselves and interfering with operations or stopping it from working altogether. Viruses must attach themselves to a computer’s existing programs.
Worm: similar to a virus in that they replicate themselves to spread. Worms usually use a computer’s network in order to spread.
Spam: sending unwanted electronic messages to a large list of recipients. While spam is sometimes harmless it sometimes is used to carry malicious content like viruses.
Trojan Horse: a computer program that is designed to mislead users, it often appears to be legitimate but has malicious intent. It could exist in the form of an email attachment, URL etc.
Spyware: gathers information about a business/person without their knowledge and sends this data to third parties.
Malware: is a broad term to describe malicious software like viruses, worms, Trojan horses etc.