“In an age when so much of our lives are conducted online, cyber attacks must be treated as a serious threat by our leadership at the highest levels.”
This statement was given by Joe Biden, the President of the United States, at a press conference in Delaware conducted in December 2020.
In today’s increasingly interconnected environment, the cyber security landscape in the US is becoming more and more concerning every day. Cyber risks have long overtaken all the other kinds of threats to become one of the biggest threats to the economy of the US. For over a decade, vulnerability mitigation has been the primary cornerstone of the country’s approach to cyber security.
Fortifying the virtual perimeter and IT infrastructure can offer some protection against threat actors. However, many cybercriminals have no shortage of resources, time, and motivation for bypassing even the most extensive fortification.
As nation-state hackers as well as other cybercriminals pose a major threat to the economic and national security of the US, it is essential for the country’s cyber security policy to focus not only on vulnerability mitigation but also on threat deterrence.
What Do the Numbers Say?
With hundreds of big and small organizations in the country coming under attack on all fronts, the US has become one of the topmost affected countries by cybercrime. Here are some statistics showing just how much damage cyber threats are causing in the US:
Join our weekly newsletter and get the latest cybersecurity updates delivered directly to your inbox
- The Internet Crime Complaint Centre (IC3) received a total of 2,211,396 cybersecurity-related complaints from 2016 to 2020, giving an average of 440,000 complaints per year.
- The IC3 has reported total losses of around 13.3 million due to cyber attacks over the period of five years from 2016 to 2020.
- According to the Internet Crime Report 2020 by the FBI, while phishing is listed as the most frequently used attack vector in the US in 2020, BEC was the most costly cybercrime in the US in 2020, leading to losses of $1.8 billion.
- As per Statista, data breaches resulted in the compromise of 155.8 million records in 2020.
- An article in Forbes revealed that the US Federal Trade Commission received 1.4 million reports of identity theft in 2020, which is double the number reported in 2019.
- According to the 2020 Cost of a Data Breach Report released by IBM, the average cost of a data breach is the highest in the US at $8.64 million.
Recent Cyber Security Incidents in the US
- Recently, the FBI released a warning that threat actors have been witnessed impersonating Trust, one of the largest bank holding companies in the US, for launching a spear-phishing campaign to infect the victims with Remote Access Trojan (RAT) malware.
- On 7th May 2021, Colonial Pipeline, one of the largest oil pipelines in the US, was hit by a ransomware attack that forced it to shut down. This 5,500-mile-long pipeline, which carries more than 100 million gallons of fuel from Houston to New York Harbour every day, was forced to temporarily halt all operations as the attack impacted some of its IT systems.
- In April 2021, the Pennsylvania Department of Health announced a data breach that involved a third-party vendor engaged to provide COVID-19 contact tracing. As a result of this breach, the personal information of many Pennsylvania residents was potentially compromised.
- TriHealth medical system, based in Ohio, suffered a data breach, resulting in the compromise of patient and employee data. The compromised data consisted of personally identifiable and protected health information of certain TriHealth employees and patients.
- Ellsworth Water Plant in Kansas, USA suffered a cyber attack in April 2021. A hacker remotely accessed a Post Rock Water District computer system to shut down the cleaning and disinfecting processes at the water plant.
- The University of California, San Francisco paid a ransom of $1.14 million after the NetWalker ransomware locked down multiple servers of its School of Medicine in June 2020.
As clearly proven by the cyber security incidents and statistics mentioned above, cybercrime has become a serious threat to the US economy as well as public safety. The lack of security awareness and the increase in the frequency of cyber attacks are significantly contributing to the problem. It has become imperative for the US government to collaborate with the public and private organizations in the country to come up with an effective defense strategy against cyber threats.