Planet Earth can now be correctly described as a constellation of interacting and interdependent big cities. Hence, anything that harms the economic underpinnings of one of these cities disrupts the economy of the entire planet. The University of Cambridge has recently assessed what the greatest economic threats to Planet Earth are for 2019. Rising quickly up this list from previous years is the economic threat that comes from cyber attacks. Cyber attacks are now seen as the 6th most likely risk to the economic security of the planet. They have now surpassed earthquakes, civil unrest, and terrorism. As the report points out, “the capacity for cyber attacks to cause severe economic damage continues to rise. This is a threat to be closely monitored as the increasing number and severity of attacks is countered by capabilities to protect against them.” Here are the greatest risks to our economic security according to the University of Cambridge.
Keep in mind that these are risks. There is a strong likelihood that none of these will actually occur. However, the graph shows that some of these risks are more probable than others. In terms of cyber attacks, this possibility has already been realized many times. In 2018 alone, 51% of all organizations experienced some sort of cloud-based attack. Among these companies were FedEx, Intel, and Honda. Ransomware attacks are considered the most dangerous as they have already wreaked havoc with the American cities of Atlanta, Newark, and West Haven CT.
Some ransomware attacks intentionally or unintentionally bring down critical infrastructure. The San Francisco Municipal Transportation Agency was taken down by a ransomware attack last year which forced the city to give free subway rides to its customers. The UK’s Bristol Airport was attacked with an exploratory ransomware attack in September. It disrupted operations for a couple of days but seems to have not asked for a ransom. This, in its own way, is even more disturbing as it may be a preparation for a more serious attack on a larger airport.
The disturbing truth is that many of these successful attacks have been performed by small hacking groups. Atlanta was brought down by a few hackers in Iran. Imagine what could happen if the full weight of a hostile government was put behind these attacks. Ukraine knows the results of such an attack because Russian government hackers took down one of its power grids. All major hacking nations can take down the infrastructure of another nation and, in fact, already have the software in place to do so. The reason they don’t do it is the fear of retribution. They could end up losing more than they gain. It is no surprise, therefore, that many experts claim that the next 9/11-type attack will be in the form of a cyber attack.
Data breaches make up one of the most dangerous types of cyber attacks as the stolen data can be used in numerous ways to compromise companies and government institutions. 2018 had some of the largest data breaches in history. Here is a list from Avast, the top 4 of which are among the biggest data breaches of all time.
The biggest DDoS (Distributed Denial of Service) attack occurred in February of this year when GitHub was knocked offline. For those who don’t already know, a DDoS attack overwhelms servers with requests to the point where they cannot answer them and all services coming through the server stop. These attacks are especially damaging to ecommerce sites. Such was the case this year when DDoS attacks on ecommerce sites increased rapidly on Black Friday and Cyber Monday. The fact that more ‘things’ are connected to the internet (IoT) make for more devices that can inadvertently become part of a botnet that can be employed in these attacks. The BBC is investing around $650,000 in security to mitigate against such an attack, fearing that their entire internet presence could be undermined. Infrastructure such as, airports, transportation systems, banking, industries, and, yes, power grids are all susceptible to DDoS attacks.
According to Industry Week, in 2018, ransomware attacks increased by 350%, business email compromise attacks, including CEO scam attacks, increased by 250%, and spear phishing attacks increased by 70%. Will these attacks continue to rise in 2019? Will the sun rise tomorrow morning?
Trend Micro lists 2019’s greatest threats as follows.
- Phishing and Spear Phishing, including various extortion scams
- Endpoint (BYOD) attacks as more employees work remotely
- Fake news by manipulating social media
- 1-day attacks; exploiting the time lag between a security update and its implementation
- Cloud-based attacks through new vulnerabilities
- IoT attacks
Flashpoint found that most serious attacks come from nation-states with China leading the list. Not only can you expect these perpetrators to continue their attacks in 2019, but, due to increasing international tensions, to increase them even more.
We know that devastating cyber attacks will occur in 2019, but we cannot estimate where they will occur. China hacks for information so universities, industrial research facilities, and certain government agencies will be targeted. Russia hacks for political advantage or manipulation, so social media and government sites are their primary targets. North Korea has been targeting banking and other financial institutions, but will use ransomware to get money any way they can. The Five Eyes countries hack to gain political advantage. Sprinkled throughout 2019 will be a plethora of hacks by individuals and hacking groups who will target anyone who will pay them money. They will target data but only to monetize it on deep web sites.
In short, cyber attacks are in place for moving up the economic threat risk list in 2019. The bigger the company or institution, the more likely they are to be attacked. The malware for these attacks is likely already in place as most attackers view the end-of-year holiday season as the best time to begin an attack. This is because most IT personnel are not at work. If the past is any indication of the future, these attacks will be discovered and reported on in February or March. They will, then, give us a clearer indication of what lies in wait for us in the year ahead.