The costs of cyber attacks are huge and very difficult to estimate, because they involve not only extorted money or the inability to provide services but also, for example, reputational costs; besides, companies often do not know about attacks or do not talk about them, says Igor Protasowicki from WSB.
According to Igor Protasowicki, who is a security expert from WSB University, the scale of cybercrime in the economy is "horrendous".
"In countries such as China, North Korea, or Russia, there are specialized hacking groups that carry out attacks and extortion, because it is so-called easy money. They are like hydras: in place of one liquidated group, several more appear. Unfortunately, the threat is growing rapidly, especially since the last two years and the related lockdown have increased the dependence of companies on the network," he said.
The expert pointed out that although attacks such as the ransom extortion against the US Colonial Pipeline network have received a lot of publicity, cybercrime and infected software have been costing the economy for as long as the internet has existed.
"The first big problem, the cost of which was tried, can be traced back to the late 1980s, when one of the users of ARPANET, the ancestor of our internet, wrote a malicious program designed to protect intellectual property. He was a scientist who wanted the program to be activated. However, the code activated and replicated in an uncontrolled manner and rapidly 'clogged' the resources of the computers of that time. This program overnight took 6,000 computers connected to ARPANET, or 10 percent of all resources of the world network," Protasowicki described. He added that the cost estimates for this incident vary widely: from 10 to 100 million dollars, or, as he put it, "cosmic money by the standards of the time".
He pointed out that an early example of an attack generating huge costs for the economy was the US cyber attack on the natural resources distribution system in the USSR. "Malware has shaken this system, and the resulting losses were estimated at $10 billion, but what it actually was is unknown," he said.
According to the expert, today, especially after the pandemic, when companies operate in the "always online" model, i.e. they are constantly connected to the global network and exchange data with many other entities, threats are constantly present, and their impact on companies is growing every year.
At the same time, according to the expert, the estimates of the real costs of cybercrime that sometimes appear, whether at the level of companies, industries or entire economies, are not very reliable.
"First, we are only able to base this research on data provided by companies. Meanwhile, many attacks go unnoticed, which does not mean that they did not generate costs. Secondly, companies prefer not to broadcast such incidents because it is a loss of image for them," he said.
He pointed out that, in addition to the problem of underestimating the number and scope of cyber attacks, the wide range of possible costs is also a serious difficulty in estimating the bill borne by companies.
"These attacks have a different spectrum and relate to different areas of the company's operation. Depending on which area they relate to, they will generate corresponding costs. If, for example, we deal with a simple, but at the same time common DDoS (Distributed Denial of Service), which consists in cutting off access to a system, then we are dealing with disabling the service of access to a given server for some time, for example a system or website," he described.
As he pointed out, we are dealing here with two types of costs: first, the costs associated with the failure of a given service, and second, image-related costs for the entity that fell victim to the attack. Of course, the profile of the institution's operation is also important, because the cost for an online store, auction site or financial institution will be different.
"The same applies to data theft. It can be customer data, and it can be intellectual property items such as new car designs or drug research results. The company that loses its data has the greatest cost of losing market priority. to leak such data, it loses its comparative advantage over its competitors, it cannot be the first to launch the product on the market, because someone using its research will quickly and cheaply create its project. potential recipients," he noted.
The expert also pointed out that very often, especially in the case of "tailor-made" attacks, companies do not know at all that they have fallen victim to one. "Criminals simply steal data and do not boast about it. This is a completely different situation than ransomware, i.e. blocking systems or threatening to reveal stolen data until a ransom is obtained from the attacked company," he explained.
In his opinion, the only reliable data concern leaks and theft of personal data, because under the provisions of the GDPR, companies operating in Europe must report them and investigate the matter; otherwise they face high penalties. (PAP)
author: Małgorzata Werner-Woś