1.888.900.DRIZ (3749)
The Driz Group

Cybersecurity Blog

Thought leadership. Threat analysis. Cybersecurity news and alerts.

7/20/2017


Global Cyber Attacks Could Be as Costly as Major Hurricanes, Lloyd's of London Estimates

 

Hurricanes Katrina and Sandy are two of the costliest hurricanes of the past three decades. The total damage from Katrina is estimated at $156 billion and the damage from Sandy at $69 billion. Lloyd's of London estimates that economic losses from global cyber attacks have the potential to be as big as those caused by major hurricanes.

2 Potential Cyber Attack Scenarios

Lloyd’s report, “Counting the cost: Cyber exposure decoded”, describes two global cyber attack scenarios and their potential economic impact:

1. Cloud Service Provider Hack
According to Lloyd’s, the average losses in the cloud service disruption scenario could be $53.1 billion for an extreme event and could go as high as $121.4 billion.
 
2. Cyber Attacks on Mass Software
For the mass software vulnerability scenario, according to Lloyd’s, the losses could range from $9.7 billion for a large event to $28.7 billion for an extreme event.
 
 “This report gives a real sense of the scale of damage a cyber-attack could cause the global economy,” said Inga Beale, CEO of Lloyd’s. “Just like some of the worst natural catastrophes, cyber events can cause a severe impact on businesses and economies ….”

Vulnerability of Cloud Service

“The Cloud” is the practice of accessing data, computer resources and software over the web. It’s used as a substitute for accessing data from a local computer. Although the cloud, also known as network-based computing, dates back to the 1960s, it was only in the early 2000s that its popularity soared as small and medium-sized businesses adopted this new method of accessing data.
 
In the second quarter of 2016, Synergy Research Group found that Amazon cornered 31% of the cloud infrastructure services market, followed by Microsoft (11%), IBM (7%), Google (5%), Next 20 including Alibaba and Oracle (26%) and others (20%). More than 90% of the over 2,000 cyber security professionals surveyed in McAfee’s “Building Trust in a Cloudy Sky” report stated that they were using some type of cloud service in their organization.
 
In February this year, Amazon’s cloud services suffered a costly outage. According to Amazon, a typo caused the outage. Amazon said in a statement:
“The Amazon Simple Storage Service (S3) team was debugging an issue causing the S3 billing system to progress more slowly than expected. At 9:37AM PST, an authorized S3 team member using an established playbook executed a command which was intended to remove a small number of servers for one of the S3 subsystems that is used by the S3 billing process. Unfortunately, one of the inputs to the command was entered incorrectly and a larger set of servers was removed than intended.”
 
Amazon’s February 2017 outage cost companies in the S&P 500 index $150 million, according to Cyence.
 
According to Lloyd’s, cloud infrastructure services like Amazon, Microsoft, IBM and Google rely upon a common cloud infrastructure. If a major security flaw were found in this common cloud infrastructure, cloud customers of these cloud services could suffer from a breach, Lloyd’s said.

Vulnerability of Mass Software

In April 2017, the hacker group known as ShadowBrokers published on the internet a compilation of hacking tools that were believed to be used by the National Security Agency (NSA). These publicly released hacking tools could give anyone with technical knowledge the capability to exploit certain computers running Microsoft Windows.
 
In March 2017, a month before the alleged NSA hacking tools were released into the wild, Microsoft released a free patch, or security update, for Windows 10. Microsoft, however, didn’t release free security updates for Windows XP, Windows 8 and Windows Server 2003. The company only released free patches for these old Windows operating systems at the height of WannaCry, ransomware that affected more than 300,000 computers in 150 countries in May this year.

6 Trends that Contribute to Cyber Vulnerability

Lloyd’s report identified these 6 trends that cause further cyber vulnerability:
 
1. Old Software
Old software refers to software that’s abandoned by its maker. It also refers to software that’s patched by its maker but that end users fail to update. Failing to install a security update leaves a computer user vulnerable to hacks. This happened with WannaCry. Users of Windows 10 succumbed to the ransomware attack for failing to install Microsoft’s March 2017 free patch. Users of Microsoft’s older operating systems (Windows XP, Windows 8, and Windows Server 2003) also fell victim to WannaCry, as Microsoft only released the free patch for these older Windows operating systems after WannaCry spread around the world last May 12th.
 
2. The Number of Software Developers
The number of people developing software has grown substantially over the past 30 years. Each software programmer could potentially add vulnerability to the system, whether unintentionally through human error or intentionally. Proprietary software, for instance, is developed by different teams and outsourced contractors who are spread across the globe. The Linux kernel – an open source software project which started in August 1991 – has over 13,500 developers as of August 2016.
 
3. Volume of Software
More programmers mean more code is being developed each day. “More code means the potential for more errors and therefore greater vulnerability,” Lloyd’s said. A typical new car, for instance, has about 100 million lines of code.
 
4. Open Source Software
While the open source movement has resulted in unprecedented digital innovations, it has opened new digital vulnerabilities. Lloyd’s said, “Any errors in the primary code could then be copied unwittingly into subsequent iterations.” Most open source software doesn’t go through the same level of security scrutiny as custom-developed software.
 
5. Multi-layered Software
In multi-layered software, new code is written over existing code. Most programmers today work on maintaining existing code, rather than creating new code. Multi-layered software, Lloyd’s said, “makes software testing and correction very difficult and resource intensive.”
 
6. “Generated” Software
In generated software, the code is written by a computer program, instead of being written by human programmers. Lloyd’s said, “Code can be produced through automated processes that can be modified for malicious intent.”
 
Not understanding your technology vulnerabilities is no longer an option. Assess them today to gain valuable insight, and take immediate action to address the gaps. Connect with us today and speak with our vulnerability assessment and management experts.
    Author

    Steve E. Driz, I.S.P., ITCP

© 2023 Driz Group Inc. All rights reserved.
Photo used under Creative Commons from GotCredit