OFFICIAL PUBLICATION OF THE LOUISIANA AUTOMOBILE DEALERS ASSOCIATION

Pub. 1 2024 Issue 3

Cost, Loss and the Way Forward

Cost, Loss and the Way Forward

In today’s interconnected digital world, with our ever-growing reliance on the software and technology that drive our everyday tasks, the specter of cyber threats looms larger than ever before. From stealthy, sophisticated and sometimes state-sponsored hackers seeking to exploit vulnerabilities in our systems to the average untrained employee clicking a link, the landscape of cybersecurity is fraught with complexity and constant evolution. As businesses and governments alike navigate this treacherous terrain, the need for vigilance, preparedness, innovation and a willingness to learn continues to be urgent. Without them, the consequences can often be unfortunately costly.

In 2023 we saw an estimated $1.1 billion dollars being paid in ransomware payments through cryptocurrency. This represents a rise of nearly 100% from 2022, according to Chainalysis and their tracking of the cryptocurrency used in these transactions. Of note, this is the highest number documented since tracking of these transactions began. While the ransom portion of these attacks can be costly, it does not represent the total financial losses that can be felt in the aftermath of a cyberattack.

With each breach, we must account for the days, weeks and even months that a business or organization may be unable to function. The average cost of a data breach globally in 2023 was $4.45 million. Leading the tally are businesses within the United States, having paid an estimated $9.48 million per breach. According to the FBI’s annual IC3 (Internet Core Competency Certification), some 880,418 complaints were filed with the FBI, costing Americans over $12.5 billion in 2023.

As our daily routines become more reliant on technology, we face the growing possibility of more attacks on our services over our direct networks and systems. Most recently, nearly 15,000 car dealerships were prevented from executing their most basic function of selling cars after a direct denial of service attack on the dealer management software CDK. The responsible Eastern European crime group demanded $25 million — a sum that it is expected CDK paid, with multiple sources close to the matter telling CNN’s Sean Lyngaas. This is a fraction of the cost North American auto dealers are expected to see in losses that are estimated by Anderson Economic Group to exceed $1 billion.

Auto dealers are not the only industry having suffered from these attacks. United Heath Group was documented as having paid $22 million to a cybercriminal group during an attack in February of 2023. MGM suffered $100 million in losses during mitigations after deciding not to pay the ransom, while the city of Dallas, Texas, approved an $8.5 million in emergency budget for recovery and mitigation efforts. Whether it’s large or small corporate or small businesses, these attacks are varied and non-discriminatory.

Having surely caused everyone’s financial stomachs to turn at these numbers, let me assure you that there are teams of professionals, companies and government agencies who stand ready to defend against these very threats.

At any given moment, cyber squads supporting the FBI’s 56 field offices are working tirelessly with other government agencies to investigate and remediate cybercrimes while aiding in the development of modern mitigation methods and the prosecution of known bad actors.

As mentioned when we started, these modern threats require vigilance, preparedness, innovation and a willingness to learn. The investment of time and financial resources into protecting our organizational processes, systems and networks is vital. IBM reports that the average savings for organizations using security is $1.76 million.

As most people only feel so confident in cybersecurity, it is recommended to have knowledgeable and confident personnel supporting your team daily. An internal IT team with cybersecurity experts can be an asset but often takes a significant amount of time to build and hire. Alternatively, managed service providers and cybersecurity-specific companies exist to support your internal teams or act as your team daily.

Protecting businesses and organizations can too often be an afterthought for those in control. With the attack frequency and cost of each attack growing annually, it is not a matter of if but when a cyber threat will affect your business. Often these attacks are preventable with the proper training, equipment and supporting individuals.

Are you ready?

Get Social and Share!

Sign Up to Receive this Publication in your inbox