The New York Times reports that this past week, a ransomware attack targeted California-based healthcare system Prospect Medical Holdings, forcing some locations to close and others to rely solely on paper-based records. Just a few months ago, several U.S. federal government agencies were hit by a cyberattack from Clop, a Russian ransomware group. Several hundred companies and organizations were likely impacted by the attack, CNN explains.
Over the years, the United States has been subjected to increasing cyber-attacks. Between 2020 and 2021, attacks increased by 300%, according to Check Point’s ThreatCloud database. What has become frighteningly common is the level of cyber warfare targeted toward critical U.S. infrastructure, leaving hospitals, companies, oil pipelines and more paralyzed from attacks. A well-known attack on U.S. infrastructure was the Colonial Pipeline ransomware attack, which impacted almost half the fuel on the East Coast.
The United States’ public approach towards cyber attacks is one on the defensive, addressing attacks as they come and fixing gaps in cyber security as they become apparent. But is that all organizations can do? Is that all they should do? The lack of education on simple cybersecurity makes it easy for hackers and ransomware groups to find weaknesses in company cybersecurity. Groups aren’t just targeting federal agencies, but anything that can either cause harm if compromised or pay large ransoms if attacked. If we continue to act as we always have, we may just end up in a serious crisis that cripples the United States. This means potential problems with our electricity, transportation, emergency services, manufacturing and building management systems.
On average, according to IBM, a data breach can cost upwards of $4.45 million. Not only is a cyber attack debilitating in impacting the performance of an organization, but it can be costly in the long-term, destabilizing reputation and overall survival. Those who use security AI and automation save around $1.76 million compared to those who don’t. Our priority should be increasing cybersecurity for our nation.
Check Point explains that cybercriminals target Operational Technology (OT) networks and Industrial Control Systems (ICS) that manage critical infrastructure. Critical infrastructure is dependent on digital systems and electronic data, and each element related to a utility serves as a potential entry point for cybercriminals. A recent IBM Cyber Security Intelligence Index Report states that in 95% of breaches, human error was a contributing cause. Whether through unintentional actions or a lack of action, individuals can accidentally contribute to a major attack by simply downloading a malware-infected attachment or using a weak password.
In order to prevent cyber attacks from disabling an organization, education through cybersecurity training is the best option. Cybersecurity training is used within organizations to keep employees aware of the varying threat landscape of using technology, and how employees can protect themselves as well as the organization.
Unfortunately, as technology is a constantly changing environment, training programs can quickly become outdated and pointless. That’s why it’s important to be diligent and proactive when addressing cybersecurity. Educating individuals proactively can prevent hackers from gaining access easily to a system or database. Some organizations utilize phishing testing in order to determine if an employee can recognize scam emails or potential cybersecurity threats. These exercises ensure that individuals maintain their own cybersecurity and prevent threats to the best of their ability.
When we look at the sheer amount of cyber attacks over the past few years alone, it’s easy to see just how severe of a threat cyber-attacks are to the United States. It’s only a matter of time before we see stronger and more damaging attacks on U.S. critical infrastructure unless we take a more aggressive approach to addressing the weaknesses within organizational cybersecurity.
We must remain diligent in educating individuals about how to protect themselves on the internet and updating that information as often as needed. Perhaps if our cybersecurity was stronger across the board, we’d become less of a target for attacks and strengthen our position as a whole in the cyber environment. Only time will tell.
The opinions expressed in this article are those of the individual author.
Sources
Carballo, Rebecca. “Ransomware Attack Disrupts Health Care Services in at Least Three States.” The New York Times, 5 August 2023, https://www.nytimes.com/2023/08/05/us/cyberattack-hospitals-california.html. Accessed 15 August 2023.
Cobb, Michael. “13 Common Types of Cyber Attacks and How to Prevent Them.” TechTarget, https://www.techtarget.com/searchsecurity/tip/6-common-types-of-cyber-attacks-and-how-to-prevent-them?Offer=abt_pubpro_AI-Insider. Accessed 15 August 2023.
“Cost of a data breach 2023.” IBM, https://www.ibm.com/reports/data-breach. Accessed 15 August 2023.