Disruption of the Year: Global cyberattacks
Most impacted OS:
Cybercrime cost U.S. companies $21.2 million in FY 2017.
A new malware specimen emerges every 4.2 seconds.
With scores of advanced cyberattack tools publicly available, it is likely the number of global malware attacks will increase in coming years.
The worst-case scenario for IT disruption is no longer a data center outage. Instead, global cyberattacks are disrupting corporate systems for weeks, with rippling impacts as companies work to recover.
In 2016, fervor around cyberattacks centered on targeted ransomware campaigns against hospitals and the uptick in DDoS attacks, spurred by the release of the Mirai botnet source code.
But in 2017, not only were cyberattacks more global in nature, the mode of the attack also changed, targeting more back office and supply chain-type systems.
Now, "malware is able to proliferate across environments in a manner that it wasn't able to do several years ago," said Doug Saylors, director of ISG, a global technology research and advisory firm. As a result, cyberattacks no longer are limited to specific types of systems and instead have broader impact across the enterprise computing footprint.
Cyberattacks have moved beyond targeting web-facing and revenue-generating systems. Corporate earnings for companies across sectors are taking a hit, which was the case following June's Nyetya — also referred to as NotPetya or ExPetr — malware attack.
The attack impacted shipping giant Maersk "severely" in July and part of August, costing the company between $250 million and $300 million from volume and revenue loss and some additional costs, the company said.
Merck & Co. also took a heavy financial hit from Nyetya, which cost the company $135 million in lost sales and $175 million in additional costs, the company reported during Q3 earnings. The pharmaceutical company anticipates a similar financial impact in Q4.
By the numbers
The operating income FedEx suffered from Nyetya, according to its Q1 2018 earnings report.
Mondelez cut revenue growth by 3% in Q2 after suffering disruption from Nyetya.
The estimated amount of lost revenue in July following Nyetya for A.P. Moller-Maersk.
FedEx also suffered about $300 million in operating income loss following Nyetya, according to its 2018 Q1 earnings reported in September.
The financial impact has certainly increased as the scope of cyberattacks has grown. But this is the first year cyberattacks have become this "widespread and global," said Avivah Litan, cybersecurity analyst for Gartner.
For example, shortly before Nyetya brought many global supply chain operations to a halt, the WannaCry ransomware virus hit more than 200,000 targets in at least 150 countries.
More attacks are also targeting critical infrastructure, including energy, transportation, utilities, food and construction. That correlates to an "uptick in nation state activities," which had well-coordinated and methodical attacks, according to Litan.
"These events map directly to the political climate. I'm not saying that every ransomware attack is a political actor," Litan said. "But the climate's gotten very contentious."
A few factors have worsened the cyberthreat landscape: Organizations are still struggling with a lack of talent and are using more distributed computing models.
Companies are "running Windows, Linux, legacy Unix [and] they've got cloud in the mix," said Saylors. "Coming up with strategies to protect all those different platforms and keep them current on patches has become a really significant challenge."
There's also another underlying issue: Last year, when NSA exploits were revealed in the Shadow Brokers release, attack toolkits became readily available.
In 2017, the attacks have gotten worse because attackers have better tools.
"It's like the analogy of arming a bunch of prisoners that only had knives before and now they have machine guns," Litan said. "The weapons that they use are much more dangerous and they didn't have them before these NSA leaks."
The tenuous geopolitical climate doesn't help either, as nation state actors have become more aggressive.
The shift from attackers targeting web portals and other front-end apps to hitting applications deep inside the enterprise is also increasing the severity, according to Saylors. "I think that's really what's causing it to show up in earnings reports."
But there's a bright side to these global attacks: "The criminals are pretty lazy. They'll use the same techniques over and over again, as long as they can get away with it," said Litan. "Really good threat intelligence and defenses that are tied to the threat intelligence can really go a long ways."
With a glaring cybersecurity skills gap and aging technology infrastructure in companies across sectors, cyberattacks will only grow in impact, both in geographic footprint and financial cost. The only way to ensure companies can recover quickly is to have redundancy measures and remediation efforts in place. Keeping up to date on critical patches couldn't hurt either.
Follow Naomi Eide on Twitter