The cyberattack on Sony Entertainment Pictures remains the worst on record and shows the catastrophic damage a cyberattack can do to a business. Like most attacks of that scale, it likely could have been avoided or at least lessened in severity. While information about the hack came out in late 2014, experts believe hackers had access to the company’s networks for up to a year before they were noticed.
The truth is, cyberattacks are not smash-and-grab jobs. Yes, 60 percent of stolen data is taken within the first few hours of an attack, but a large percentage of attacks go unnoticed, allowing hackers to steal data and other sensitive information for months, even years, as long as they remain undetected.
Threat Levels within Businesses
Businesses face threats from many different areas:
Sophisticated attackers: These are hackers at the top of their craft, looking to steal personal information or intellectual property that can be sold on the black market.
Complex geopolitics: North Korea is believed to be behind the attack on Sony, making it a perfect example of the larger role cyberattacks can play. The military has deemed cyberspace the fourth domain of war after land, sea and air, while the United States government last year released a rule of engagement for when to use offensive cyber capabilities.
Complicit users: Hackers will always take the path of least resistance. For many, that means exploiting employee behavior. No matter how much training or how many warnings some employees get, they will continue to follow bad cyber practices, such as visiting unsecured websites, opening suspicious email attachments or downloading company information to an unsecured device. For an organization to be truly secure, all employees must do their part.
Boardroom engagement: While the IT staff at a business may know the right precautions to take, that knowledge is useless without support from the top of the organization. For companies to be properly prepared, business leaders need to equip employees with the right tools and information. Even with high-profile attacks on companies like Target and Home Depot, business owners may not understand the importance of this commitment.
Misaligned policies: Many organizations face tough decisions about protecting their networks. Even companies that invest heavily in cybersecurity may not get a return on their investment if they spend it on outdated technologies or services. Antivirus protection usually falls into that category, blocking only the 50 percent of attacks that are due to known viruses.
So what does a cyber breach really look like? While all are different, the worst ones tend to follow the same timeline.
The Beginning of the Attack
All of the factors above can lead to an attack, but the start of a cyber breach is rarely seen. The reality is, most of the time the breached party is unaware of the invasion. The intruder quietly gains access and then tries to navigate the network without getting caught.
Because intruders don’t know how much time they have before getting caught, they do most of their damage early. Cisco reports that 60 percent of the data stolen during a cyber breach is taken during the first few hours. That makes sense, as hackers want to act quickly before they are discovered. In most cases, though, they never are: 54 percent of breaches aren’t uncovered for months, if ever.
Stolen data is taken for a reason. If it’s personal information, it will be sold on the black market for other hackers to exploit. Experts estimate that the personal information of more than 750 million individuals (roughly 10 percent of all people on Earth) has been posted to the black market over the last three years.
For organizations, the challenge is first to find out why the breach happened. That involves auditing network traffic or privileged use to see how the hacker gained access and what they did. Usually organizations hire an outside consultant to come in and perform these duties, as well as provide recommendations to remedy the issues that led to the attack. These consultants can be incredibly expensive, and their work is both time-consuming and likely to slow down business productivity, but they have become the standard when an organization faces a major breach.
Cyber breaches can be very expensive. The average cost of a breach to an organization is $4.5 million, and experts estimate that it grows by $900,000 from year to year. For Sony, the cost was $15 million, not including lost revenue from customers who no longer trust the company.
The 2014 breach at Home Depot reportedly cost the company $28 million to remediate, while the Target breach that same year cost the company a reported $161 million. For massive organizations like the companies mentioned above, these are actually small figures when compared to overall revenue, but they are still significant losses.
A few months after the attack on Sony, 60 Minutes did a profile on the company. The results were startling: the entire organization was knocked back to the technological stone age, forced to disconnect from the Internet and rely on interoffice mail and fax machines for communication until the problem was resolved.
This is a worst-case scenario, but it shows the impact a breach can have. While the company operated this way, it fell behind competitors, lost talented employees and suffered public embarrassment due to media coverage. The effect of these breaches lasts far beyond the initial attack and can linger for months, if not years in some cases.
What to Do?
When thinking about cybersecurity, ask yourself one question: Would you approach security differently if you knew you were going to be compromised?
That’s a key thought, because almost every organization has been attacked at some point and likely penetrated. It’s not a question of if an organization will be breached, but when.
Cisco’s Advanced Malware Protection (AMP) solution gives organizations increased visibility into their systems, which provides more protection and better after-the-fact analytics. AMP offers greater control across the full attack continuum with specific solutions aimed at network endpoints, mobile devices, virtual machines, cloud computing, and email and web products.
That extra visibility is especially important after an attack. Cisco AMP helps businesses comply with the Payment Card Industry Data Security Standard to show exactly where a breach occurred, what happened next and how the company addressed it.
Securing your business’s networks is a huge challenge. Cyberthreats are always out there, but you cannot fight what you cannot see. With increased protection, your business can avoid a costly breach and continue to serve your customers to the best of its ability.