In the wake of the WannaCry ransomware attack that crippled computer networks operated by public health and transportation systems in several countries, information security experts are coming up with new estimates that illustrate the cost of attacks perpetrated by malicious hackers.

A 2016 report by Infosecurity Magazine determined that losses from cybercrime incidents suffered by companies in the United Kingdom alone amounted to more than $30 billion. Another estimate published by respected insurance underwriter Lloyd’s of London put the cost of cybercrime at about $400 billion per year.

The most recent estimates on the cost of international hacking were calculated by the World Economic Forum during its 2017 summit with the assistance of Italian information security firm DF Labs. By 2020, the annual cost of losses related to data breaches, denial of service, identity theft, stolen documents, and bank fraud related to hacking will reach $2 trillion.

In the United States alone, the costs of cybercrime are estimated to be more than $200 billion on an annual basis. At the current rate of cybercrime incidence around the world, the most developed countries can expect to double their losses every couple of years.

The Real Cost of Cybercrime

A report published by networking giant Cisco suggests that nearly 30 percent of companies affected by a hacking attack suffered significant losses that go beyond losing a few days of operation. Furthermore, 23 percent of companies surveyed in Cisco’s Annual Cybersecurity Report were impacted by lost business opportunities caused by cyber attacks.

The Cisco report has some good news: attack methods used by malicious hackers tend to become less effective as time goes by. The problem is that cybercrime rings continue to research new exploits, attack vectors and potential situations for social engineering.

The Internet of Things is a Landscape Ripe for Hacking

One of the most pressing concerns for information security researchers is the growing number of smart devices that make up the Internet of Things, abbreviated as IoT. These devices are of great interest to hackers since they can be exploited as gateways to home and office networks.

Researchers from the Yale Law School’s Information Society Project believe that there is a pressing need to come up with international legal standards for IoT manufacturers to follow, particularly with regard to default passwords and initial security measures shipped with IoT devices.

Until recently, wireless routers were an easy attack vector for hackers because default passwords were leaked on internet forums. Let’s say a small business in North Dakota uses a wireless router connected to a satellite internet modem; if the router is an older model that has not been updated in the last few years, there is a chance that hackers will find flaws in the firmware that would allow them to penetrate the network.

Sophisticated Hacking Tools

Another problem being faced by the information security community is that the level of sophistication being acquired by hackers has grown exponentially, and this is related to the development of cyber warfare.

The intrusion into the email servers of Sony Pictures a few years ago was perpetrated by hackers associated with the North Korean regime in retaliation for the release of a comedy film that painted dictator Kim Jong Un as the target of an assasination. Another example of government sponsored hacking was the cyber attack perpetrated against the Democratic National Committee in the United States during the candidacy of former Secretary of State Hillary Clinton; this attack is believed to have been carried out by the Kremlin.

The problem with state-sponsored cyber warfare is that it is often conducted by hackers who also deal in cybercrime, which means that they can share powerful hacking tools with the underworld. In the case of the aforementioned WannaCry ransomware attack, the exploit was stolen from the National Security Agency and posted on public forums.

In the end, the threat environment for data networks is becoming riskier and more dangerous, which explains why the cost of cyber attacks is bound to increase over the next few years.


by: Lee Flynn