Cyber Security: Are we secure enough yet?

October month is termed as the Cybersecurity Awareness Month globally, with this year's theme being "Secure Our World," reflecting the urgency of creating a cyber-safe environment.

How many of us are aware of this global initiative? Probably not as many as there should be. This realization motivated me to delve deeper into the challenges faced in cybersecurity, its economic impact, and the types of cyber attacks that threaten our digital spaces.

What is Cyber Security- The Definition?

As per one of the research papers by Shweta Ghate and Pragyesh Kumar Agrawal, "Cyber security comprises of technologies, processes and practices designed to protect computers, programs, networks and data from hacking, damage or unauthorized access."

The state of Cybersecurity in India, Why do we need to be aware of it?:

Let the numbers talk!

As seen in Graph 1, there has been a substantial increase in the population of internet penetration in India since 2014, and there is a need for everyone to be vigilant for cyber security protection.

India was ranked among the top five countries to be affected by cybercrime, according to a 22nd October report by online security firm ”Symantec Corp”- a lack of awareness about cyber threats among individuals and businesses, minimal resources available to properly address cybersecurity concerns contribute to the above-given statistics.

Do Cyber Attacks affect the economy?

According to the World Economic Forum, cybercrime can be described as the world's third-largest economy, after the U.S. and China and makes far more money than illegal drug trafficking, human trafficking, etc.; with this in mind, obviously, it sought to affect the economy as well. As per CSIS and McAfee, the economic impact is most severe in Europe (0.84% of regional GDP), and the economic impact of cybercrime in North America is (0.78% of regional GDP).

The following points describe how cybercrimes can make an economy vulnerable:

The findings from Kamiya et al. (2018) highlight several ways in which cyberattacks on larger firms can pose a significant threat to the economy:

1. Loss of Equity Value: Cyberattacks can have a severe impact on the financial health of large firms, leading to a significant decline in their equity value. This can have ripple effects on the broader economy, as investors may become more cautious and reduce their investments in other sectors.

2. Decline in Sales and Revenue: Cyberattacks can disrupt business operations, leading to a decline in sales and revenue. This can impact the firm's profitability and its ability to contribute to economic growth.

3. Decreased Return on Assets (ROA): A cyberattack can damage a firm's reputation and erode customer trust, leading to a decline in its efficiency and profitability. This can result in a lower ROA, negatively impacting the overall economy.

4. Reduced Cash Flow: The costs associated with recovering from a cyberattack, such as legal expenses, IT investments, and lost business, can significantly reduce a firm's cash flow. This can limit its ability to invest in growth and create jobs.

5. Systemic Risk: Cyberattacks on large, interconnected firms can pose a systemic risk to the economy. If a major financial institution or critical infrastructure provider is compromised, it can have cascading effects on other sectors and destabilize the entire system.

Types of Cyberattacks?

Some recent trends and predictions for cyber threats in 2024 as per reports from SEQRITE and DSCI:

1. Scam involving text message: A common type of phishing scam involves messages claiming that a parcel is being delivered but requires additional address information. These messages often include a malicious link that, if clicked, can lead to malware infection or identity theft.
2. Fake calls by banks: One of the most common cyberattacks targeting individuals is fake calls from banks or other financial institutions requesting personal information or OTPs. Scammers impersonate bank representatives to trick victims into revealing sensitive data, which can be used for fraudulent activities.
3. MFA Fatigue Attacks: Multi-factor authentication (MFA) is a security measure that requires multiple forms of verification. However, attackers can use MFA fatigue attacks to trick victims into approving multiple authentication requests, eventually bypassing MFA.
4. LoLBins: A nightmare for Threat Researchers: LoLBins are legitimate software tools that can be misused by attackers for malicious purposes. Threat researchers face challenges in identifying and analyzing these tools, as they often blend seamlessly with legitimate software.
5. AI-Powered Malware: Cybercriminals increasingly leverage artificial intelligence to create more sophisticated and evasive malware. AI can be used to automate attacks, adapt to defences, and target specific vulnerabilities.
6. Ransomware: Ransomware attacks continue to be a major threat, with attackers encrypting victims' data and demanding a ransom for its release.
7. Deep Fake for Deceptive Social Engineering: Deepfake technology can be used to create realistic but fake videos or audio recordings, which can be used to deceive individuals or organizations.
8. Exploiting Vulnerable Supply Chains: Cybercriminals can target vulnerable third-party suppliers to gain access to their customers' systems and data.
9. Hacktivism continues into 2024: Hacktivism, using computer networks to promote political or social agendas, is expected to remain a threat. Hacktivists may target governments, corporations, or other organizations to make a statement or cause disruption.
10. Auction of corporate access and sale of breach datasets: Cybercriminals may sell access to compromised corporate networks or databases on the dark web, allowing other attackers to exploit vulnerabilities.
11. Event-Based Attacks: Cybercriminals may target specific events, such as elections, Olympics, or other significant occurrences, to disrupt operations or spread misinformation.
12. Phishing/Vishing attacks & Dating App Scams: Phishing attacks continue to be a common threat, with attackers using deceptive emails or messages to trick victims into clicking on malicious links or providing sensitive information. Vishing attacks are similar to phishing but use voice calls or text messages. Dating app scams target individuals using dating apps to steal personal information or money.

The final take?

As we witness the growing impact of cyberattacks on economies, businesses, and individuals, it’s clear that cybersecurity should be a top priority for everyone. The threats are evolving, but so must our defences. To safeguard our digital future, we need a multi-faceted approach, combining awareness, education, and advanced technological solutions. Many people might not have understood half of what I mentioned above in the above points, hence governments and organizations should expand initiatives like educating people on the risks and protective measures by minimising the use of technical jargons and these campaigns should also reach rural areas and underserved communities to ensure that cyber hygiene becomes a widespread practice.