The threat actors
Cybersecurity is a major global concern, with attacks becoming increasingly ubiquitous, growing in both frequency and size (WEF, 2020). There is a diversity of threat actors whose numbers are steadily rising as well. These include hacktivists, who are closely linked with political or social movements and could involve anyone from hackers taking action to defend free speech to those closely aligned with terrorist organisations. Insiders are another important cyber threat and, indeed, the biggest source of incidents (Cardenas et al., 2009). However, they may be the easiest to handle through a sound cybersecurity program. Cybercriminals are increasing in capability. Many cybercriminal groups have become mature professional organisations, some of them employing dozens of hackers and possessing large financial resources (Cardenas et al., 2008). Well-functioning markets on the “dark web” provide skilled individuals with incentives to steal data or develop new automated attack tools (Herley and Florêncio, 2010). The ability to purchase such tools has also made it easier for those without advanced technical skills to engage in cybercrime. Perhaps the most formidable threats at present are nation states. Although partially constrained by the possible military, economic, and political repercussions of launching cyber attacks, state actors are increasingly developing offensive programs and stockpiling cyberweapons, which could be released either accidentally or intentionally. This is a particular concern given the increased tensions between global powers at present.
A rise in the number and impact of attacks
As companies, governments, and individuals become ever more connected to the internet, the attack surface is growing and along with it the number and impact of attacks as well. High profile corporate data breaches in recent years include the 2017 breach of Equifax, in which the data of over 140 million customers, including social security and credit card numbers, was stolen. The Yahoo data breach, first reported in 2016 but dating back to 2013, saw the theft of passwords as well as personal data associated with all 3 billion of its user accounts. The 2015 breach of Anthem resulted in the theft of 78.8 million client records containing Personally Identifiable Information (PII). In the 2013 Target data breach, hackers were able to access the Target network through an attack on one of its third party suppliers, an air conditioning company; they made off with the credit card information of 70 million customers and also caused Target major reputational damage (Manworren et al., 2016).
Among a spate of major ransomware attacks, the 2017 WannaCry attack took down the UK National Health Service, Telefonica, and FedEx, as well as others, causing significant disruption and entailing losses estimated to have reached $4 billion (Berr, 2016). Its use of a leaked US National Security Agency exploit made it particularly damaging. Governments have also been hard hit: a 2018 ransomware attack on the City of Atlanta affected city services, from utilities to parking, and took months to recover from. Similarly, a 2016 ransomware attack on San Francisco public transit disrupted payment services for the city's light rail system.
The 2017 NotPetya attack affected thousands of companies including Maersk, DHL, and Saint-Gobain and caused an estimated $10 billion in damages (Greenberg, 2018). Although purporting to be ransomware, many experts believe that NotPetya was in fact a cyberweapon created by Russia and targeted at Ukraine that inadvertently hit a number of unrelated targets. Other high profile attacks attributed to state actors include the 2015 attack on the Ukrainian power grid that left some 230,000 people without power for up to six hours, an attack that Russia is also thought to have instigated. The first known successful attack on a power grid, it illustrates the rise of attacks on cyber-physical systems with real world consequences. An early example was the 2010 Stuxnet attack on an Iranian nuclear facility that damaged one fifth of its nuclear centrifuges, this one widely believed to have been carried out by the US and Israel (Brenner, 2013).
Additionally, distributed denial-of-service (DDoS) attacks are growing more destructive, in large part due to the exponential growth of the Internet of Things (IoT); many IoT devices are rolled out quickly, cheaply, with little thought as to cybersecurity, and therefore can be readily co-opted into botnets. The 2016 Mirai botnet, composed of a host of internet-connected devices from cameras to baby monitors, took down major internet sites including Twitter, Netflix, CNN, and The New York Times by launching an attack on Dyn, which controls much of the internet domain name system.
Finally, new types of attacks are regularly emerging. For example, the rise in value of cryptocurrencies has brought about a growth in cryptojacking attacks that take over computers to secretly mine bitcoin. And as progress is made in AI, cybercriminals are increasingly employing AI-enabled attacks as well.