For those in the cyber resilience realm, it’s no surprise that there’s a continued uptick in cyberattacks. Hackers are hacking, thieves are thieving and ransomers are — you guessed it — ransoming. In other words, cybercrime is absolutely a growth industry.
As we cross into the second half of this year, let’s look at some of the most significant attacks so far:
- Blockchain schmockchain. Cryptocurrency exchange Crypto.com’s two-factor-identification (2FA) system was compromised as thieves made off with approximately $30 million.
- Still the one they run to. Microsoft’s ubiquity makes it a constant target. Earlier this year, the hacking collective Lapsus$ compromised Cortana and Bing, among other Microsoft products, posting source code online.
- Not necessarily the news. News Corp. journalist emails and documents were accessed at properties including the Wall Street Journal, Dow Jones and the New York Post in a hack tied to China.
- Uncharitable ways. The Red Cross was the target of an attack earlier this year, with more than half a million “highly vulnerable” records of Red Cross assistance recipients compromised.
- Victim of success. North Korea’s Lazarus Group made off with $600 million in cryptocurrencies after blockchain gaming platform Ronin relaxed some of its security protocols so its servers could better handle its growing popularity.
- We can hear you now. State-sponsored hackers in China have breached global telecom powerhouses worldwide this year, according to the U.S. Cybersecurity & Infrastructure Security Agency.
- Politics, the art of the possible. Christian crowdfunding site GiveSendGo was breached twice this year as hacktivists exposed the records of donors to Canada’s Freedom Convoy.
- Disgruntled revenge. Businesspeople everywhere were reminded of the risks associated with departing personnel when fintech powerhouse Block announced that a former employee accessed sensitive customer information, impacting eight million customers.
- Unhealthy habits. Two million sensitive customer records were exposed when hackers breached Shields Health Care’s network.
- They even stole the rewards points. General Motors revealed that hackers used a credentials stuffing attack to access personal information on an undisclosed number of car owners. They even stole gift-card-redeemable customer reward points.
The Tip of the Iceberg
For every breach or attack that generates headlines, millions of others that we never hear about put businesses at risk regularly. The Anti-Phishing Working Group just released data for the first quarter of this year, and the trend isn’t good. Recorded phishing attacks are at an all-time high (more than a million in just the first quarter) and were accelerating as the quarter closed, with March 2022 setting a new record for single-month attacks.
The takeaway here is to help your clients connect two vital dots:
1. The world’s biggest, most secure and best-funded organizations cannot keep the bad guys at bay. A layered cyber resilience strategy that aims to keep the crooks out while also preparing to recover if they get in anyway is the only reliable method of defending a company in today’s threat landscape.
2. Most attacks are on SMBs that never make headlines but are costly in terms of money, reputation, customers and, sometimes, their continued existence. Inaction is not an option if you want to keep your business going and growing over the years to come.