The year 2021 was a record year in many fields of the technology sector, but it will also be remembered as one of the most remarkable years in the history of cyber attacks both on the global landscape and the Israeli one.
A year that began with the most sophisticated cyber attack the world has ever seen (“Sunburst,” which attacked multiple companies and government by exploiting one of their own vendors) quickly became the year with the biggest number of attacks on almost every sector.
In Israel, a hotbed for both politically and financially driven hacking activity, we saw a dramatic spike of attacks, which were both very public and very painful in the scope of targets and data exposed. From law firms to hospitals, insurance companies to universities, dating sites to start-ups– the Israeli public became more common with terms like ransomware and breaches than ever before.
This is not a coincidence.
The COVID Pandemic transformed our lives in many ways, and shattered previous norms of how we work, how we shop and how we communicate with each other. We were all pushed to adopt the digital way of living, and even when the infection rate decreased - we remained hybrid. 2022 may be the year in which the pandemic will become history, but its effect on our lifestyle is here to stay. The digital way of living is the new normal, and this rapid transformation directly inflicts on a wider cyber attack surface.
At the same time, despite the fact that successful cyber attacks dominated the news and we all saw how hospitals seized their operations and personal information was widely shared, some common response were – “so what?” or “Why should I care if my ID is now shared by groups of hackers?”
These questions represent an astonishing gap between the number of actual cyber victims and their understanding that this is what they are, victims of attacks. This is a real problem, because it is the exact notion that unintentionally harvests more attacks. It’s the same kind of passiveness that many enterprises expressed before the pandemic, and was later the reason for the unprecedented amount of attacks during the pandemic itself.
Here’s why you should all care – it is your problem and it will get worse in 2022.
In the digital era – one’s personal information (a company's and an individual's alike) is their actual identity. Any piece of information collected by hackers is summed up to a puzzle of the tools with which we carry out our businesses.
On a company level – with its IPs, user names and passwords it conducts its operations and generate its services. On a personal level – with our ID number, home address and credit cards - we practically live our lives.
When an attack succeeds to obtain a piece of information about us or our enterprise, this piece of information is the foundation of the next attack against us. A company whose list of vendors gets into the wrong hackers’ hands will later be targeted in a supply chain attack exploiting one of these vendors. A person’s phone number and full name getting into the wrong hackers’ hands will later be used for a phishing attack which will steal their bank credentials and their money.
This is how this world works and why we are all under attack.
It was no surprise that users of a popular, hacked, dating site were quickly the targets of social media hijacking which locked them out of their personal accounts. Several months after the entire Israeli voting registration file was breached, we saw hackers infiltrate our money transfer apps and reportedly stole huge amount of money from countless Israelis.
When your information is out – your’e not just the victim of the previous attack – you’re now the probable victim of the next one.
The internet is wonderful thing, of course, and this digital transformation makes our lives easier, faster and more efficient. It is truly something to celebrate.
But it also includes risks. The success of 2021 has already increased the appetite of the 2022 hackers. They will look for more ways to exploit this “new normal."
To put it simply – if it worked in 2021, you will see more of it in 2022: More attacks exploiting the supply chain, more attacks targeting our mobile phones through which we run our lives, more targeting of popular digital platforms which hold enormous amounts of information on all of us.
In the course of the COVID pandemic, 2021 was the year of prevention. The world accepted the challenge of a disease once regarded as “a flu with good PR” and invented the vaccines and the medicines that help prevent the spread of the virus.
Let’s apply what we learned on this cyber pandemic – acknowledge the challenge, step up our defenses to the level of the threats and prevent the next attack (not just detect it and become a victim). It took us some time to understand that the pandemic was everyone’s business, and cyber attacks are the same.
If we won’t care, we are doomed to become a victim. And f we remain vigilant, COVID will not be the only virus we can beat together.
Gil Messing is head of Global Corportate Communications for Check Point.