Dr. Majid Rafizadeh
Cyberattacks are one of the biggest threats facing governmental organizations, corporations, private companies and individuals. They can even have both direct and indirect implications for global security and vital national interests.
A cyberattack – which is a malicious and intentional attempt to steal data or expose, disrupt, destroy or obtain unauthorized access to the information system of an institution or an individual – can be carried out for many reasons, including extortion and financial gain. For example, in April 2021, a $5 million Bitcoin payment was made to hackers who were capable of tapping into the American Colonial Pipeline by accessing a virtual private network that did not have multifactor authentication. Cybercrimes have significantly increased in recent years, particularly since the COVID-19 pandemic. Since COVID-19, the FBI has reported a 300 percent increase in cybercrimes, as online activities have risen and the world has become more digitally connected. According to Cybersecurity Ventures, “if it were measured as a country, then cybercrime – which is predicted to inflict damages totaling $8 trillion globally in 2023 – would be the world’s third-largest economy after the US and China.”
Cybersecurity Ventures expects global cybercrime costs to reach $10.5 trillion annually by 2025, up from $3 trillion in 2015. This represents “the greatest transfer of economic wealth in history, risks the incentives for innovation and investment, is exponentially larger than the damage inflicted from natural disasters in a year, and will be more profitable than the global trade of all major illegal drugs combined.” Attackers use various tactics, such as malware attacks and social engineering scams. Social engineering scams are one of the most widespread methods used by cybercriminals. Instead of manipulating technology, this tactic relies on exploiting human error, as well as psychologically manipulating or tricking someone into directly or indirectly giving away sensitive personal information. This can include scareware, which can, for example, scare an individual into acting fast in order to get rid of a computer virus, phishing attempt or domain name system spoof, where server data is tampered with in order to redirect the user to fake websites. Attackers also disguise themselves as a friend, relative or business in an attempt to have the individual click on an infected link or share personal information.
People should be aware of the exposure they may have to third party contractors. Cybercriminals can get access to information through third parties that might have less protection for their security systems. For instance, in 2021, the personal records of millions of users on Facebook, Instagram and LinkedIn were breached due to a misconfigured database run by a third party contractor, the Chinese social media management company SocialArks. As a result, it is important to regularly practice “cyber hygiene” in order to keep oneself safe. Always be aware of the latest tactics used by cybercriminals and hackers in order to stay ahead of the threats, protect one’s private information online and on all devices, and stay up to date when it comes to the latest software, operating systems and security protections. Other cyber hygiene steps individuals can take include using multifactor authentication and a VPN, thinking twice before clicking on a link, using stronger passwords, avoiding unprotected Wi-Fi networks and being careful about fake websites and links.
On a wider scale, we should not underestimate the damage that cyberattacks can cause to a whole nation or government. For example, cyberwarfare could have consequences at least as severe as military actions. Cyberattacks can take control of or disrupt an entire nation’s infrastructure, including public services, hospitals, transportation, the internet, municipal or governmental institutions, and the energy sector. They can steal people’s private information, take control of another country’s missiles and drones, and even its military’s intelligence, command, control and communications. Cyberattacks can be sponsored by a rival government, which may view a virtual war as an attractive alternative to a physical war because it provides the benefit of anonymity, making it extremely difficult to hold the responsible party accountable. Cyberattacks are also considered to be less costly. The cyber capabilities of some nonstate actors are advancing at a pace that needs to be addressed by regional and global powers because it is a matter of national security.
The increasing dangers of this modern-day threat have been highlighted by several high-level officials. NATO Secretary-General Jens Stoltenberg last year warned that cyberattacks “can be as damaging and as dangerous” as an armed attack and are “as serious as any other attack on a NATO ally.” And Daniel Coats, who served as the US director of national intelligence, previously stressed at a hearing of the Senate Select Committee on Intelligence: “We face a complex, volatile and challenging threat environment … Our adversaries, as well as the other malign actors, are using cyber and other instruments of power to shape societies and markets, international rules and institutions, and international hotspots to their advantage.” One of the most effective ways to counter the rising cyberwarfare threat is for governments to send a strong message to those who are responsible. If they remain silent, the perpetrators will be emboldened and empowered to target more governments with their cyberattacks. Organizations and individuals who are behind cyberattacks or their financing must be targeted and sanctioned as well.
In a nutshell, cyberattacks have escalated to a record level as the world becomes more digitally connected. It is important for governmental organizations, private companies and individuals to be proactive, practice cyber hygiene regularly and be aware of the tactics used by cybercriminals in order to stay ahead of the threat.