In today's age of the digital revolution, companies are like powerful citadels, constantly battling an invisible, yet omnipresent enemy - cyber attacks. At first glance, it may seem that our business environments are strong and well-protected, but in reality, they are vulnerable and exposed to a multitude of threats lurking from the virtual shadows.
Wake-up Call
A significant event in the world occurred in the last few years as a product of company system vulnerabilities was the cyberattack operation named "SolarWinds". This operation, discovered at the end of 2020, serves as an excellent example of how vulnerabilities in company systems, regardless of the size and development of the company, can have global consequences.
The "SolarWinds" attack was one of the most sophisticated and dangerous data theft operations in history, resulting in the compromise of nine U.S. federal agencies and hundreds of private companies. The operation began in March 2020, when hackers inserted malicious software into Orion software, a popular tool for managing IT infrastructure, developed by SolarWinds Corporation. The malicious software was then installed on the computers of SolarWinds customers, allowing the hackers to gain access to their networks and data and control over the compromised systems.
The "SolarWinds" operation was discovered in December 2020 and is estimated to have lasted nine months. During that time, hackers accessed a vast amount of data, including emails, documents, and intellectual property. It was also directed at key infrastructure systems, which heightened concerns over potential national security implications.
This incident highlighted the importance of system vulnerabilities in companies and how they can have global consequences. As a serious wake-up call to companies of all sizes, it underscored the importance of taking all necessary measures to advance and protect companies from increasingly sophisticated cyber attacks.
Global cybercrime statistics, cited in the basic guide of one of the IT support providers, AAG IT Services, based on reports from world organizations extensively dealing with these issues, give us insight into the following data:
- In 2022, the United Kingdom had the highest number of cybercrime victims per million internet users, which was 4,783, a 40% increase from 2020.
- The next country with the highest number of victims per million internet users in 2022 was the United States, with 1,494 victims, a decrease of 13% compared to 2020.
- One in two internet users in North America experienced an illegal intrusion into their computer in 2021.
- The United Kingdom and the United States have more cybercrime victims per million internet users compared to other countries – in 2021, the United States had 759% more victims compared to the next country by number, Canada.
- The Netherlands recorded the highest increase in the number of victims – 50% more than in 2020, while Greece recorded the highest percentage decrease in the number of victims – 75% compared to 2020.
In 2021, there were on average 97 victims of illegal access and data theft per hour worldwide, causing an average of $787,671 to be lost per hour that year.
Greece took first place on the list of the National Cyber Security Index (NCSI) countries in January 2023 with a score of 96.10. The countries with the top 5 highest scores on the NCSI are:
- Greece (96.1)
- Lithuania (93.51)
- Belgium (93.51)
- Estonia (93.51)
- Czech Republic (92.21).
Our country is ranked 21st on the National Cyber Security Index (NCSI), with an average score of 80.52.
Vulnerability and System Vulnerability Assessment
System vulnerabilities vary and often evolve and are discovered over time. Vulnerability assessment is a comprehensive approach that includes: identifying potential vulnerabilities, assessing their severity, developing strategies to mitigate or eliminate them, and the process of continuous monitoring.
The importance of vulnerability assessment:
Prevention of unauthorized access and illegal use of data: proactive identification and mitigation of vulnerabilities reduces the likelihood of successful cyber attacks.
Legal compliance: many industries and regulatory bodies require organizations to regularly conduct vulnerability assessments as part of their compliance obligations. Non-compliance can result in high fines and legal consequences.
Cost reduction: identifying vulnerabilities at an early stage is usually less expensive than dealing with the consequences of cyber attacks. The costs of data breaches, including legal fees, fines, and damage to reputation, can be significant.
Business continuity: cyber attacks can disrupt a company’s operational functioning, leading to downtime and lost revenue. Vulnerability assessment helps ensure business continuity by minimizing the impact of potential attacks.
After the vulnerability assessment is completed, it is important to take steps to address the identified vulnerabilities. Â
By identifying and resolving vulnerabilities, companies can significantly reduce the risk of attacks, protect their sensitive data, and align their operations with regulations.