Governments and Companies are Losing the Fight Against Cybercrime

Ransomware: malicious software that encrypts user data and demands a payment to restore that data.

Ransomware was first used on individuals to obtain small amounts of money for the return of information. As hackers got smarter, they started using ransomware to steal millions of dollars from states, corporations, hospitals, and government agencies.

There have been hundreds of attacks this year, including an attack on Baltimore that crippled government computer systems and a coordinated attack on 12 Texas communities that cost the state $12 million.

This summer, several communities in Florida were hit with ransomware after city officials clicked on email attachments. One neighborhood of 3,000 residents paid $600,000 to get its information back.

In July, Capital One suffered a data breach that exposed the personal data of more than 100 million people. 

While most cybercriminals are never found, the Capital One hacker was tracked down and identified as a software engineer and former Amazon employee. She was indicted on wire fraud and data theft charges August 28th.

Cybercrime incidents have more than doubled this year.

According to a recent report by Juniper Research, American businesses will lose $5 trillion to cybercrime by 2024 (with a chunk of this money coming from fines for data breaches as regulations tighten).

The report also expects cybercriminals to start using AI to evade security systems.

“Cybersecurity if far from a simple issue,” explains Matthew Whittaker, former US Attorney for the Southern District of Iowa who served briefly as Acting AG following the resignation of Jeff Sessions.

“It will take a larger emphasis on user training, implementing best practice backups, increasing password hygiene, and more to win this war. The war we’re fighting is against an adversary that is well-funded, well-educated, and skilled at their craft. This will take action from public and private organizations of all sizes.”

For the average consumer, this means keeping operating systems up to date, maintaining offline backups of important data, and changing your password often.

For companies, this includes training, caution when using cloud infrastructure, and encryption.

“Encryption is something that is a proven science in trying to protect information,” continues Kennedy. “The fact that we have unencrypted data sitting in cloud infrastructures for long periods of time – that’s an alarming trend and that needs to change. Banks, everybody needs to do a better job at protecting that type of information.”