Photo from Unsplash
Originally Posted On: https://wmtek.com/reality-bytes-what-you-need-to-know-about-hackers-in-the-digital-realm
Although the Digital Age is a relatively recent phenomenon, it is hard to imagine a world in which everyday life didn’t somehow hinge on an ecosystem of interconnected, online systems used to transfer Internet data quickly and freely. This rapid expansion of the Internet, accelerated by the twenty-first-century advent of smartphones and other computing devices, continues to shape a modern-day culture dependent on easy—and instant—access to a boundless cyberspace of media, apps, and content.
Today, with utilitarian digital literacy all but assumed, consumers are hungry for the rollout of next-gen cloud-based solutions, A.I. assimilation, blockchain applications, and algorithmic decision-making, leaving major telecom firms like AT&T scrambling to build the 5G infrastructure needed to satisfy an insatiable demand for bandwidth.
We live in a time of unprecedented digital disruption; it’s as if our brains have been hacked to seek out a new set of operating standards and expectations, in a restless pursuit of tech-enabled ways of doing things cheaper, quicker and in an increasingly convenient fashion. From the way we drive—subservient to community-driven GPS navigation apps—to our appetite for no-fuss door-drop dinners, we are powerless to resist, captivated by the possibilities of increasing connectivity in the online realm.
The Growing Landscape of Web ThreatsSpoiler alert: not everything about the Internet is quite so conducive. Today, more than ever, the darker side to our digital dependency is in full view. The prevalence of smart devices and high-speed mobile networks has proven fertile ground for an always-connected vector of malware, fraud, and other shenanigans. In short, our day-to-day insistence for constant connection via the Internet of Things (IoT) has outpaced our acceptance—and even awareness—of adequate cyber security measures.
Consider this: In the last month, how many of your online purchases required you to volunteer sensitive information, including your payment details? Or maybe such info was already saved for autofill, streamlining the buying process to a one-click whim? Which of your utility bills were paid by direct debit? Did you open or download any apps, or log into any “Free WiFi” locations? The reality is that all these online interactions bank on your willingness to entrust—and sometimes unwittingly trade—your personal data.
Perhaps unsurprisingly, financial institutions—the architects and gatekeepers of the global economic system—have regularly found themselves in the crosshairs. As these commercial titans look to establish a worry-free approach to online banking and investment—activities underwritten by vast amounts of money and personal data—hackers have zeroed in on financial gain as a key motivator. And it’s not hard to understand why.
Ransomware, whereby a form of malicious software (malware) is designed to encrypt files on a device, rendering all data, files and systems that rely on them unusable, is one of the instruments of choice among ambitious hacker groups. The end goal for perpetrators is to force the shackled entity to pay a considerable sum for the essential decryption key.
According to some reports, ransomware payouts soared in 2021, with 46% of victim organizations buckling to their adversaries’ demands. The corporate implications in terms of risk analysis and contingency planning are staggering. And costly; early this year Bloomberg Law cited a report issued by Fitch Ratings that found that “cyber statutory direct written premiums rose by 74%” to nearly $5 billion.
Volatile market conditions like this only favor further foul play: as the cost of coverage skyrockets—with fewer insurers willing to offer comprehensive protection policies—so does the proportion of businesses and individuals exposed to online attackers.
Big Data, Big ChallengesWhile the common response is to denigrate hackers as callous opportunists, they are undeniably calculating and creative. They have long recognized that crippling the mechanics of a money-making machine—that is, directly handicapping the day-to-day operations of a business with malware—is only one way to leverage their digital deviousness. Taking customers’ data hostage and spreading widespread panic and fear among a trusting customer database is equally, if not more, effective.
For the cybercriminal, packets of customer data are synonymous with dollar stacks, so, assuming these bad actors have the motivation, means, and opportunity to strike, everyone is at risk, from Board members of the largest multinationals to the most cautious of Amazon.com debutants.
Naturally, greater concentrations of online activity result in more data; more data means more incentive to attack. But attempting to quantify the incentive—in other words, how much hackable data there is out there—is not a straightforward task.
Back in 2018 the International Data Corporation (IDC)—the premier global provider of market intelligence, advisory services, and events for the information technology, telecommunications, and consumer technology markets—forecast that the Global Datasphere—the amount of data created, captured, and replicated in any given year across the world—will grow from 33 Zettabytes (ZB) in 2018 to 175 ZB by 2025. Ringfencing growth of this magnitude and working out how to protect it 24/7 from “virtual villainy” is a hard act to fathom. What’s more, this forecast could never have accounted for the spike in data created and replicated in 2020 due to the dramatic uplift in the number of people working, learning, and entertaining themselves from home during the height of the COVID-19 pandemic.
Data BreachesSome of the more recent high-profile data breaches, such as those impacting First American Financial Corporation in 2019—which affected 885 million data records of names, account numbers, Social Security numbers—and Facebook in 2021—which compromised 533 million records containing details of phone numbers, full names, locations, email addresses, and biographical information—exemplify the vulnerability of even the most stable stalwarts of the online era. In just two incidents, over 1.4 billion data records, sufficient information to impersonate people and commit fraud, were exposed.
There are several companies and associations that make it their business to track and quantify the enormity of the challenge. Regardless of which you subscribe to, the headlines make for disheartening reading. Verizon’s 2019 Data breach Investigations Report cites that 71 percent of breaches are financially motivated. No shock there, but the same report also suggested that 34 percent of data breaches in 2018 involved internal actors. Vigilance is key—keep an eye out for any nefarious activity among colleagues and friends! Not that this will prove much help in the face of IBM’s finding, published in their Cost of a Data Breach Report, that data breaches in 2020 took, on average, 287 days to identify and 80 days to contain.
Experion’s Data Breach Industry Forecast does little to dissipate any onset of anxiety either, with authors forwarning that cyber attackers are now concentrating on biometric hacking and working to expose some of the technical weaknesses of touch ID sensors, facial recognition, and passcodes.
While almost impossible to reliably estimate just how economically catastrophic all these developments could be in the coming years, Cybersecurity Ventures warned, back in 2020, that the pinch could be as much as $10.5 trillion globally by 2025. IBM’s more recent study, How much does a data breach cost in 2022? lends credence to this rather prophetic outlook by stipulating that the average cost of a data breach in 2022 was 4.35 million, up 2.6% from 2021.
Gulp.
It’s little wonder that cybersecurity and the need to make governments, businesses, and individuals increasingly “resilient” to attack is now top billing on any domestic and foreign policy agenda.
A Rise in HacktivismWhile corporate hacking in it is multiple forms—espionage, source code theft, data ransoms and the sale of data on the dark web, to name but a few—are all quick routes to market for hackers, there are other motivations that have public officials increasingly spooked: Hacktivism. Derived from “hack” and “activism,” hacktivism refers to the act of hacking a computer system for politically or socially charged reasons. The individual who carries out such an attack is known as a hacktivist.
It’s not so much that Hacktivism is a new enterprise, but rather that in today’s turbulent times, the chief protagonists have so much more oxygen. The clash of geopolitical uncertainty, civil unrest, and a disgruntled globalized population losing a grip on economic security makes for a perfect storm in which hacktivists can thrive.
For as long as social division conquers hearts and minds—a distinct hallmark of 2022 thus far—hackers have ample cause with which to attribute their impropriety.
This was perfectly illustrated in the US recently when militant pro-choice activists doxxed the six Supreme Court justices prior to the Court’s overturning of the infamous Roe v. Wade ruling on abortion, publishing their partial addresses online as part of a planned protest.
There are commentators that debate whether hacktivists should be painted with the same brush as cybercriminals. This is a gray area, and really depends on the lens through which you consider hacktivism to be more steeped in the act of hacking or activism. It may be true that the principal motivation for the hacking is to provoke social change, but the act itself is designed to trigger a series of detrimental and often harmful consequences. Out of all the known Hacktivist groups, Anonymous is one of the most recognized. The group shot to notoriety in 2008 after launching Distributed Denial of Service (DDOS) attacks—attempts to send a barrage of artificial traffic to a targeted site until it crashes—on the Church of Scientology.
Targeting Non-ProfitsIncreasingly, non-profit organizations and faith-based groups are in the firing line. The Institute of Critical Infrastructure Technology (ICIT)—a cybersecurity think tank—in 2017 suggested that about 50% of charities had already fallen victim to a serious cybercrime incident. How callous, you might think, but to the motivated hacker such groups are often easy and—paradoxically—profitable targets. Most non-profits and faith-based groups are significantly data rich, storing donor details in their digital archives, which, more often than not, are only protected by the most elementary software. Unlike profit-orientated corporations, which typically invest in sophisticated firewalls and employ teams of skilled IT professionals to evade cyber threats, non-profits, charities, and faith-based groups tend to lack such resources.
In 2020, Blackbaud, a non-profit software provider, reported a major data breach at one of its clients, Vermont Foodbank, at a time when more Americans than ever were living on food handouts due to the socioeconomic impacts of the COVID-19 pandemic.
In January 2022, there was a sophisticated cyber security attack against computer servers hosting information held by the International Committee of the Red Cross (ICRC). This breach compromised the personal data and confidential information of more than 515,000 highly vulnerable individuals, including people separated from their families due to conflict, migration and disaster, missing persons and their families, and people in detention.
Preventative ActionSimply put, no target is off limits. Data is the newest form of loot, and regardless of motivation, they want yours.
According to published Forbes technology author, Dan Pennell, the CEO of WMTEK, a Florida-based outfit that offers web design, front and back-end development, as well as “online giving” and “donor management services, “the threat to non-profit, and especially Christian Evangelical organizations is greater than it’s ever been.”
“With so many corporations, government entities, media outlets and non-profit organizations getting hacked it is more critical than ever before for your organization to put proper business continuity plans and cybersecurity protocols into place.”
This would seem sound advice in the Digital Age; today, trying to outrun or hide from the threat of cyberattacks is futile. We cannot unspin the World Wide Web, so to speak.
Resilience is the key, and increased collaboration between vested parties will surely render the most attractive long-term outcomes in terms of cyber-attack preparedness. But in the short-term, awareness of the threats and how best to mitigate them is paramount.
