A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device.
.jpg)
What is a cyberattack? A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device. Threat actors start cyberattacks for all sorts of reasons, from petty theft to acts of war. They use various tactics, like malware attacks, social engineering scams, and password theft, to gain unauthorized access to their target systems. Cyberattacks can disrupt, damage and even destroy businesses. The average cost of a data breach is USD 4.35 million. This price tag includes the costs of discovering and responding to the violation, downtime and lost revenue, and the long-term reputational damage to a business and its brand. But some cyberattacks can be considerably more costly than others. Ransomware attacks have commanded ransom payments as high as USD 40 million (link resides outside ibm.com). Business email compromise (BEC) scams have stolen as much as USD 47 million from victims in a single attack (link resides outside ibm.com). Cyberattacks that compromise customers' personally identifiable information (PII) can lead to a loss of customer trust, regulatory fines, and even legal action. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com)
Why do cyberattacks happen?
What is a cyberattack? A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device. Threat actors start cyberattacks for all sorts of reasons, from petty theft to acts of war. They use various tactics, like malware attacks, social engineering scams, and password theft, to gain unauthorized access to their target systems. Cyberattacks can disrupt, damage and even destroy businesses. The average cost of a data breach is USD 4.35 million. This price tag includes the costs of discovering and responding to the violation, downtime and lost revenue, and the long-term reputational damage to a business and its brand. But some cyberattacks can be considerably more costly than others. Ransomware attacks have commanded ransom payments as high as USD 40 million (link resides outside ibm.com). Business email compromise (BEC) scams have stolen as much as USD 47 million from victims in a single attack (link resides outside ibm.com). Cyberattacks that compromise customers' personally identifiable information (PII) can lead to a loss of customer trust, regulatory fines, and even legal action. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com). Report Cost of a Data Breach Get insights to better manage the risk of a data breach with the latest Cost of a Data Breach report. Related content Register for the X-Force Threat Intelligence Index Why do cyberattacks happen? The motivations behind cyberattacks can vary, but there are three main categories: Criminal Political Personal Criminally motivated attackers seek financial gain through monetary theft, data theft, or business disruption. Cybercriminals may hack into a bank account to steal money directly or use social engineering scams to trick people into sending money to them. Hackers may steal data and use it to commit identity theft or sell it on the dark web or hold it for ransom. Extortion is another tactic that is used. Hackers may use ransomware, DDoS attacks, or other tactics to hold data or devices hostage until a company pays. According to the X-Force Threat Intelligence Index, 27 percent of cyberattacks aim to extort their victims. Personally motivated attackers, such as disgruntled current or former employees, primarily seek retribution for some perceived slight. They may take money, steal sensitive data, or disrupt a company's systems. Politically motivated attackers are often associated with cyberwarfare, cyberterrorism, or "hacktivism." In cyberwarfare, nation-state actors often target their enemies' government agencies or critical infrastructure. For example, since the start of the Russia-Ukraine War, both countries have experienced a rash of cyberattacks against vital institutions (link resides outside ibm.com). Activist hackers, called "hacktivists," may not cause extensive damage to their targets. Instead, they typically seek attention for their causes by making their attacks known to the public. Less common cyberattack motivations include corporate espionage, in which hackers steal intellectual property to gain an unfair advantage over competitors, and vigilante hackers who use a system’s vulnerabilities to warn others about them. Some hackers hack for sport, savoring the intellectual challenge. Who is behind cyberattacks? Criminal organizations, state actors, and private persons can all start cyberattacks. One way to classify threat actors is by categorizing them as outsider threats or insider threats. Outsider threats aren’t authorized to use a network or device but break in anyway. External cyberthreat actors include organized criminal groups, professional hackers, state-sponsored actors, amateur hackers, and hacktivists. Insider threats are users who have authorized and legitimate access to a company’s assets and misuse their privileges deliberately or accidentally. This category includes employees, business partners, clients, contractors, and suppliers with system access. While negligent users can put their companies at risk, it’s only a cyberattack if the user intentionally uses their privileges to carry out malicious activity. An employee who carelessly stores sensitive information in an unsecured drive isn’t committing a cyberattack — but a disgruntled employee who knowingly makes copies of confidential data for personal gain is.
What do cyberattacks target?
Threat actors typically break into computer networks because they’re after something specific. Common targets include:
- Money
- Businesses' financial data
- Client lists
- Customer data, including personally identifiable information (PII) or other sensitive personal data
- Email addresses and login credentials
- Intellectual property, like trade secrets or product designs
In some cases, cyberattackers don’t want to steal anything at all. Rather, they merely want to disrupt information systems or IT infrastructure to damage a business, government agency, or other target.
What effects do cyberattacks have on businesses?
What is a cyberattack? A cyberattack is any intentional effort to steal, expose, alter, disable, or destroy data, applications, or other assets through unauthorized access to a network, computer system or digital device. Threat actors start cyberattacks for all sorts of reasons, from petty theft to acts of war. They use various tactics, like malware attacks, social engineering scams, and password theft, to gain unauthorized access to their target systems. Cyberattacks can disrupt, damage and even destroy businesses. The average cost of a data breach is USD 4.35 million. This price tag includes the costs of discovering and responding to the violation, downtime and lost revenue, and the long-term reputational damage to a business and its brand. But some cyberattacks can be considerably more costly than others. Ransomware attacks have commanded ransom payments as high as USD 40 million (link resides outside ibm.com). Business email compromise (BEC) scams have stolen as much as USD 47 million from victims in a single attack (link resides outside ibm.com). Cyberattacks that compromise customers' personally identifiable information (PII) can lead to a loss of customer trust, regulatory fines, and even legal action. By one estimate, cybercrime will cost the world economy USD 10.5 trillion per year by 2025 (link resides outside ibm.com). Report Cost of a Data Breach Get insights to better manage the risk of a data breach with the latest Cost of a Data Breach report. Related content Register for the X-Force Threat Intelligence Index Why do cyberattacks happen? The motivations behind cyberattacks can vary, but there are three main categories: Criminal Political Personal Criminally motivated attackers seek financial gain through monetary theft, data theft, or business disruption. Cybercriminals may hack into a bank account to steal money directly or use social engineering scams to trick people into sending money to them. Hackers may steal data and use it to commit identity theft or sell it on the dark web or hold it for ransom. Extortion is another tactic that is used. Hackers may use ransomware, DDoS attacks, or other tactics to hold data or devices hostage until a company pays. According to the X-Force Threat Intelligence Index, 27 percent of cyberattacks aim to extort their victims. Personally motivated attackers, such as disgruntled current or former employees, primarily seek retribution for some perceived slight. They may take money, steal sensitive data, or disrupt a company's systems. Politically motivated attackers are often associated with cyberwarfare, cyberterrorism, or "hacktivism." In cyberwarfare, nation-state actors often target their enemies' government agencies or critical infrastructure. For example, since the start of the Russia-Ukraine War, both countries have experienced a rash of cyberattacks against vital institutions (link resides outside ibm.com). Activist hackers, called "hacktivists," may not cause extensive damage to their targets. Instead, they typically seek attention for their causes by making their attacks known to the public. Less common cyberattack motivations include corporate espionage, in which hackers steal intellectual property to gain an unfair advantage over competitors, and vigilante hackers who use a system’s vulnerabilities to warn others about them. Some hackers hack for sport, savoring the intellectual challenge. Who is behind cyberattacks? Criminal organizations, state actors, and private persons can all start cyberattacks. One way to classify threat actors is by categorizing them as outsider threats or insider threats. Outsider threats aren’t authorized to use a network or device but break in anyway. External cyberthreat actors include organized criminal groups, professional hackers, state-sponsored actors, amateur hackers, and hacktivists. Insider threats are users who have authorized and legitimate access to a company’s assets and misuse their privileges deliberately or accidentally. This category includes employees, business partners, clients, contractors, and suppliers with system access. While negligent users can put their companies at risk, it’s only a cyberattack if the user intentionally uses their privileges to carry out malicious activity. An employee who carelessly stores sensitive information in an unsecured drive isn’t committing a cyberattack — but a disgruntled employee who knowingly makes copies of confidential data for personal gain is. What do cyberattacks target? Threat actors typically break into computer networks because they’re after something specific. Common targets include: Money Businesses' financial data Client lists Customer data, including personally identifiable information (PII) or other sensitive personal data Email addresses and login credentials Intellectual property, like trade secrets or product designs In some cases, cyberattackers don’t want to steal anything at all. Rather, they merely want to disrupt information systems or IT infrastructure to damage a business, government agency, or other target. What effects do cyberattacks have on businesses? If successful, cyberattacks can damage enterprises. They can cause downtime, data loss, and money loss. For example: Hackers can use malware or denial-of-service attacks to cause system or server crashes. This downtime can lead to major service interruptions and financial losses. According to the Cost of a Data Breach report, the average breach results in USD 1.42 million in lost business. SQL injection attacks allow hackers to alter, delete, or steal data from a system. Phishing attacks allow hackers to trick people into sending money or sensitive information to them. Ransomware attacks can disable a system until the company pays the attacker a ransom. According to one report (link resides outside ibm.com), the average ransom payment is USD 812,360. In addition to directly harming the target, cyberattacks can have a host of secondary costs and consequences. For example, the Cost of a Data Breach report found that businesses spend an average of USD 2.62 million on detecting, responding to, and remediating breaches. Cyberattacks can also have repercussions for victims beyond the immediate target. In 2021, the DarkSide ransomware gang attacked the Colonial Pipeline, the largest refined oil pipeline system in the US. The attackers entered the company’s network by using a compromised password (link resides outside ibm.com). They shut down the pipeline that carries 45% of the gas, diesel, and jet fuel supplied to the US East Coast, leading to widespread fuel shortages. The cybercriminals demanded a ransom of almost USD 5 million in bitcoin cryptocurrency, which Colonial Pipeline paid (link resides outside ibm.com). However, with help from the US government, the company eventually recovered USD 2.3 million of the ransom. What are the common types of cyberattacks? Cybercriminals use many sophisticated tools and techniques to start cyberattacks against enterprise IT systems, personal computers, and other targets. Some of the most common types of cyberattacks include: Malware Malware is malicious software that can render infected systems inoperable. Malware can destroy data, steal information, or even wipe files critical to the operating system’s ability to run. Malware comes in many forms, including: Trojan horses disguise themselves as useful programs or hide within legitimate software to trick users into installing them. A remote access Trojan (RAT) creates a secret back door on the victim’s device, while a dropper Trojan installs additional malware once it has a foothold. Ransomware is sophisticated malware that uses strong encryption to hold data or systems hostage. Cybercriminals then demand payment in exchange for releasing the system and restoring functionality. According to IBM’s X-Force Threat Intelligence Index, ransomware is the second most common type of cyberattack, accounting for 17% of attacks. Scareware uses fake messages to frighten victims into downloading malware or passing sensitive information to a fraudster. Spyware is a type of malware that secretly gathers sensitive information, like usernames, passwords, and credit card numbers. It then sends this information back to the hacker. Rootkits are malware packages that allow hackers to gain administrator-level access to a computer’s operating system or other assets. Worms are self-replicating malicious code that can automatically spread between apps and devices.