45 Billion Dollar Industry: Guess what it is?

On Friday, May 7, 2021, Colonial Pipeline shut down the 5,500 miles of the pipeline they run, producing 45 percent of the fuel on the east coast (Sanger et al., 2021). Why would an organization that big shut down all its production and distribution? Hackers had infiltrated the Colonial network, stolen data, blocked access, and required a ransom to let Colonial begin operations again. Colonial had been the victim of a ransomware attack. Ransomware attacks are not new; in fact, ransomware attacks have been on the rise (Sanger et al.). Sheng (2020) states that large-scale data breaches increased over 270 percent when comparing the first quarter of 2019 to 2020.

With the increase in cybercrime, it underscores that organizations need to increase cyber security.

What is Cyber Security?

This begs the question what is cyber security? Wikipedia states that “Computer security, cybersecurity or information technology security (IT security) is the protection of computer systems and networks from information disclosure, theft of or damage to their hardware, software, or electronic data, as well as from the disruption or misdirection of the services they provide” (Wikipedia, 2021, para.1).

Essentially, the purpose of Cybersecurity is to protect your data from all threats (Ohri, 2020). In an interview with a data security expert, I asked what organizations could do to help protect against cyber-attacks. His response was shocking to me. I was expecting him to have some powerful program that needs to be installed on your server. However, it was much tricker than that. His point was that attackers need access, so the best thing you can do is make sure employees have protocols around internet use, antivirus, and email filtering to sniff out malware (T. Smith, personal communication, May 21, 2021). When looking at the FBI’s (FBI, n.d.) website, they make many of the same recommendations: keep a firewall turned on, have an antivirus and antispyware software, keep your computer operating system up to date, be careful what you download, and turn your computer off.

This should be scary for organizations, as every employee now becomes a security risk!

What are the different types of Cyber Attacks?  

Education around different types of attacks is an essential next step. Here are five types of attacks with a description for each one.

1. Phishing Attacks – Phishing is typically done with emails that look like they are from a trusted source. They include the company logo, the footer appears to be in order, and it may even seem relevant. However, clicking on that email takes you to a site that looks identical to the company, yet it is not. (FBI, n.d.; Jefferson, 2021; Ohri, 2020).
2. Malware Attacks – Malware is short for malicious software. It refers to any invasive software developed by cybercriminals to steal, damage, or destroy computers, computer systems, or data. (Cisco, n.d.; Jefferson, 2021; Ohri, 2020).
3. Distributed Denial-of-Service - A denial-of-service attack occurs when genuine users cannot access websites, devices, systems, or other network resources due to a cybercriminal flooding the target with traffic. (CISA, n.d.; Jefferson, 2021; Ohri, 2020).
4. Business Email Compromise - A BEC scam is when criminals send an email that looks to come from a recognized source making a legitimate request; however, it comes from the criminal. The attacker may be posing as a vendor, employee, or customer (FBI, n.d.; Jefferson, 2021).
5. Password attack - A password attack is when an attacker tries to guess, obtain, or decrypt a user’s password illegally (Jefferson, 2021; Ohri, 2020).

Here are some other types of cyber-attacks with links to more information:

• Drive-by attack 
• SQL injection 
• Cross-site Scripting 
• Eavesdropping attacks 
• Man-in-the-middle attacks 
• Artificial intelligence (AI) Attacks 
• Zero-day exploit 
• DNS Tunnelling 
• Cryptojacking 

These attacks cause privacy issues for individuals and organizations. Cybercrime has become a $45 billion industry (Cisomag, 2019). With cybercrime increasing, organizations will need to become more educated about cyber-attacks, help employees learn how they can help protect the organization, and put measures in place to protect against attacks (FBI, n.d.; Henricks, 2019).

References

Computer security. (2021, September 21). In Wikipedia. https://en.wikipedia.org/w/index.php?title=Computer_security&oldid=1045574792

CISA. (n.d.). Understanding Denial-of-Service Attacks. CISA. https://us-cert.cisa.gov/ncas/tips/ST04-015

Cisco. (n.d.). What Is Malware? Cisco. https://www.cisco.com/c/en/us/products/security/advanced-malware-protection/what-is-malware.html

Cisomag. (2019, July 24). Cybercrime a $45 billion industry: Report. Cisomag. https://cisomag.eccouncil.org/cybercrime-a-45-billion-industry-report

FBI. (n.d). The Cyber Threat. FBI. https://www.fbi.gov/investigate/cyber

Henricks, M. (2019). 5 ways your employees can help prevent cyberattacks. Spectrum Business. https://www.spectrum.com/business/insights/management/5-ways-your-employees-can-help-prevent-cyberattacks/

Jefferson, B. (2021, August 6). The 15 most common types of Cyber Attacks. Lepide. https://www.lepide.com/blog/the-15-most-common-types-of-cyber-attacks/

Ohri, A. (2020, November 18). What is Cyber Security: Everything to know in 6 easy points. Jigsaw Academy. https://www.jigsawacademy.com/blogs/cyber-security/what-is-cyber-security/

Sanger, D. E., Krauss C., & Perlroth, N. (2021, May 8). Cyberattack Forces a Shutdown of a Top U.S. Pipeline. The New York Times. https://www.nytimes.com/2021/05/08/us/politics/cyberattack-colonial-pipeline.html

Sheng, E. (2020, July 29). Cybercrime ramps up amid coronavirus chaos, costing companies billions. CNBC. https://www.cnbc.com/2020/07/29/cybercrime-ramps-up-amid-coronavirus-chaos-costing-companies-billions.html