The Rising Cost of Cybercrime: Why Every Business Needs a Cyber Resilience Strategy

The Growing Threat of Cybercrime

Cyber attacks can be varied and unpredictable, posing as ransomware, phishing, DDoS attacks, amongst others. In order to manage the complexity and diversity of attacks, a well-rounded response plan of mitigation and continuity must be implemented. 

In a survey of over 500 global businesses that were hit by cyber crimes in 2023, it was reported that 51% of organizations intend to augment security investments as a result of a breach, including incident response planning and testing, employee training, and threat detection and response tools. 

Prominent Global Cyber Attacks 

2020: Marriott Data Breach

The staggering Marriot International cyberattack of 2020, the latest in a series of attacks on the hotel chain, further exposed system vulnerabilities, affecting 5.2 million guests’ personal data. The information that may have been compromised included identity markers, credit card information and passport numbers. 

The hotel claims social engineering was used by an attacker to trick an associate at a single Marriott hotel into providing access to their computer. 

2021: Colonial Pipeline Ransomware Attack

In 2021, a critical pipeline that provided oil to much of the east coast of the United States was paralyzed by the DarkSide group. Major supplies of fuel were disrupted for nearly one week, causing notable disruptions to the economy and to individuals. 

The amount of ransom demanded (and paid) to the attacker was 75 bitcoins, which amounts to roughly USD 4.4 million. 

U.S. Government was forced to take notice, harnessing the Cybersecurity Infrastructure and Security Agency and the Federal Bureau of Investigation to augment resilience across critical national industries, such as energy. Eventually, part of the ransom paid was recovered, but not before alerting Americans to the vulnerabilities of their key resources. 

2022: Nvidia Data Breach

World leading chip manufacturer Nvidia was a target of a cyber attack in 2022.  The LAPSUS$ hacking group claimed responsibility, leading 20 GB of data (out of the 1 terrabyte it claimed to have stolen) before demanding ransom.

Nvidia admitted that the actor exfiltrated employee credentials and proprietary information and began leaking it online. The data leak also exposed information about upcoming processors, SDKs, and GPU source code.

Nvidia responded by enhancing their network security, engaging cybersecurity incident response experts, and notifying law enforcement authorities. Additionally, all Nvidia employees were required to change their network passwords.  

2023: Latitude Financial Data Breach

The major Australian financial services company Latitude Financial was subject to an attack that compromised personal information of 14 million of its customers across Australia and New Zealand. 

The cyber criminals demanded ransom, which Latitude refused to pay. 

Instead, Latitude immediately contained the attack and engaged with external cyber-security experts, the Australian Cyber Security Centre, the Australian Federal Police and relevant government agencies. They also partnered with IDCARE, Australia’s national identity and cyber support service. 

Key Elements of Success in Cyber Resilience:

The breadth and intensity of current cyber attacks across diverse industries requires extra vigilance from companies. In order to create an environment of cyber resilience, some important steps to follow are: 

1. Backup and Recovery: Regular backups and a robust recovery plan allow companies to restore their systems and data quickly.
2. Cyber Insurance: Cyber insurance policies can help cover some of the costs associated with the breach, reducing financial impact. Insurance will only be granted once the insurer is satisfied with the Company’s checks and compliance and security measures. 
3. Advanced Security Measures: A layered security approach that includes a remediation and recovery plan and security controls that can include encryption and multi-factor authentication, can help prevent future attacks.
4. Collaboration with Cybersecurity Experts: Partnering with cybersecurity experts helps to analyze attacks and fortify defenses further.

Achieving cyber resilience is in today's landscape of frequent and diverse cyber attacks is essential. With the rising costs and increasing frequency of cyber crimes, it is essential for businesses to develop a multi-layered approach to cybersecurity. This involves anticipating breaches and employing all available tools to protect their operations, reputation, and services. This doesn’t have to be done alone. The right partner can help fortify organizations with customized solutions and round-the-clock monitoring. 

To learn about how Rewterz can create cyber resilience for your organization, contact an expert.