Cyber security systems of private companies are becoming more frequent. As companies not only bleed profits but their customer’s sensitive data how they protect themselves against attack is of growing consequence to the public.
In September, Revolut, a major fintech company, announced that it has suffered a data breach that affected 50,000 of its users’ accounts, many of whom have experienced subsequent Phishing attacks.
Victims of data leaks can experience identity theft, their bank account details can be acquired, and their personal privacy and physical safety can become severely compromised.
Revolut is just the latest on a growing list of global companies who suffered cyber-attacks this year.
The number of cyber-attacks received by companies across all industries grew in 2021 with the industries of military, government, education, and healthcare experiencing rises according to Check Point Software Technologies data.
Cyber-criminals – known as bad-actors to cyber security agents – exploit vulnerabilities in security systems. They do so for many reasons, mostly financial though also for prestige, curiosity, revenge, or as a form of activism.
Only 0.05% of cyber criminals are detected and prosecuted in the U.S. according to the World Economic Forum, data from other countries was unavailable.
The sheer number of attacks is not the only reason for increasing data breaches, as Jim Browning says, a Security Operations developer for a prominent global tech company who appears here under a psudenoum for fear of legal action from his company.
“It is currently impossible to create an unbreakable system…name the company, name the product – it has critical vulnerabilities in it”.
There is a multi-million-dollar market online for trading information on unknown vulnerabilities in products, where hackers can become extremely wealthy by finding faults in security systems.
Unfortunately, recognising vulnerabilities does not solve them.
“Companies are aware of vulnerabilities but don’t fix them – either because they don’t know how, or don’t want to recall a compromised product – instead they just hope no one will find them in the maze of code – Security through Obscurity”, Browning reveals.
However, big companies also use powerful artificial intelligence systems that automatically detect, contain, and eject bad actors who attack systems.
Challenges to security are not restricted to software they are often “between the chair and the computer” as Luis A. Vilares da Silva, Senior security advisor to the European Public Prosecutor’s Office (EPPO), says.
Human error, where bad actors hack a user or an employee of a company to hack the broader company, is the most common way criminals conduct cyber-attacks.
There needs to be a greater understanding of cyber security among the public; people wouldn’t leave home without locking their front door, but they will leave their computer open, Luis explains.
We need to develop a “security culture” within companies and the public broadly to protect against cyber-crime.
Though the margin for error is thin, as Mr Browning describes, “a wrong comma could cost a company millions”.
The average cost of a successful cyber-attack on a large company in 2021 was $5.57m, according to an IBM report.