Search This Blog

Powered by Blogger.

Blog Archive

Labels

Showing posts with label Economy. Show all posts

Cyberattacks On Small Businesses: The US Economy’s ‘Achilles Heel’?


Small business firms play an important role when it comes to the economy, but they are more vulnerable to cyberattacks. 

At the time when Elena Graham, co-founder of Canada-based security service CYDEF, started selling cyber security software to smaller firms and businesses, business was relatively slow. However, now the demand is increasing, driven by a sharp rise in remote work that has exposed small businesses to cyberattacks. 

Since the start of the year, business at her security firm has tripled reaching an all-time high. "It was a total head-in-the-sand situation. 'It's not going to happen to me. I'm too small.' That was the overwhelming message that I was hearing five years ago. But yes, it is happening." says Elena. 

But with the booming security services, one can deduce that small businesses are comparatively at higher risk of being attacked by threat actors, than large businesses, as noted by Barracuda Networks.  

The risks were dramatically bolstered by the global pandemic. According to a report by RiskReconm, a Mastercard company that evaluated companies’ cyber-security risk, cyberattacks on small companies surged by more than 150% between 2020-21. 

"The pandemic created a whole new set of challenges and small businesses weren't prepared," says Mary Ellen Seale, chief executive of the National Cybersecurity Society, a non-profit that helps small businesses create cyber-security plans. 

In March 2020, at the peak of the pandemic, a survey of small businesses by broadcaster CNBC concluded that only 20% planned on investing in cyber-protection. 

Working remotely, during the pandemic, meant that more personal devices like smartphones, tablets, and laptops had access to sensitive corporate information.  

Lockdown, however, put a strain on budgets, curtailing the amount of money businesses could invest in security. Cybersecurity and costly in-house experts were frequently out of reach. Consequently, the weak cyber-security infrastructure was prone to cyber-attacks. 

With just one compromised supplier, cyber criminals could access networks of organizations further up the supply chain. According to Ms. Seale, "Large businesses depend on small businesses[…]They are the lifeblood of the United States, and we need a wake-up call." Small businesses account for more than 99% of companies in the US and employ nearly half of all Americans, playing a critical role in the global economy. In regard to this, Dr. Kim says they are like the economy's "Achilles heel". 

“They may be a small company but what they sell to large businesses could be very important. If they're hacked, [their product] won't be fed into supply chains and everything will be affected," Dr. Kim further adds. 

Reserve Bank Stress Tests Simulate Stagflation


As part of their latest Reserve Bank solvency stress test, New Zealand banks were asked to take into account a cyberattack for the first time. Despite a severe stagflation-like scenario, the Reserve Bank says most firms would have to raise capital, restrict dividends and cut expenses to be able to keep functioning, even though they will have to raise fresh capital, limit dividends, and cut expenses to do so. 

During the stagflation scenario considered in the model, high inflation, increasing interest rates, and a severe recession resulting in a surging unemployment rate are some of the features modeled. Since 2014, it has been the first time a reserve bank has conducted a stress test in which high-interest rates were present. 

Banks included in the annual stress test were ANZ NZ, ASB, BNZ, Westpac NZ, Kiwibank, Heartland Bank, TSB, ICBC, and Bank of China. They received instructions from the Reserve Bank in April. 

6% was the Consumer Price Index inflation rate for the NZ economy. According to Statistics NZ, this was below the 7.2% reported in the current year, as well as the 6.9% reported by Statistics NZ in May for March. 

As part of the arrangement, the Reserve Bank also had to increase the Official Cash Rate (OCR) from just 1% – the rate it had at that time – to 3% by the year 2022. Currently, the OCR stands at 3.5%. It is expected to increase to at least 4% on November 23, 2022. This is when it will be reviewed for the last time of the year. A significant part of this scenario includes the sale of the NZ dollar. This has been an element of inflation that has been imported, and which has been occurring this year as well. 

The Reserve Bank will incorporate a specific cyber risk event into the stress test that will be administered to participating banks in 2022 for the first time. Over time, this resulted in 1.3 billion dollars in aggregate costs. 

In addition to considering how a cyberattack would impact the banks' business, this year's solvency stress test also asked banks to consider how low the likelihood of such an attack was. This is in response to a one-in-25-year cyber risk event that may threaten the general banking system. 

To tackle this challenge, banks have come up with several strategies, such as modeling the impacts of different scenarios. These include distributed denial of service attacks, attacks that lock banks out of critical infrastructure, kill chain malware, ransomware, and other threats. These attacks are modeled to last for at least one to two months in the event of a significant attack.

It can be assumed, therefore, that the estimated losses resulting from each event will vary as expected. This is based on the benchmark and the operational risk of the bank at the time. There is an assortment of reasons why companies lose money, including reimbursements from customers, consultancy and legal fees, losses in business, technology upgrades, communications and media expenses, and technology upgrades, according to the Reserve Bank of Australia. 

Banks should be aware that multiple risks can crystallize and need to be managed during economic downturns, the Reserve Banks emphasize. The Reserve Bank also shared, "this is even though the aggregate cost of the cyber risk event was small compared with impairment expenses in this stress test. Our understanding of banks' handling and quantification of cyber-risk stress events was enhanced by the exercise." There is one thing in your life that you have no control over:

Last week, in an interview with interest.co.NZ, ANZ NZ CEO Antonia Watson told the website that attackers strive "all the time" to penetrate the bank's security system. 

According to Watson, "This is one of the things you cannot do anything about since there will always be someone who will find some way of finding a backdoor."

Cyberattacks can happen to organizations of all sizes, which is why it plays a crucial role in our risk management strategy as a business. Because of that, it is one of the key risks that we see as a business. This is why we invest so much money to help educate our customers regarding these types of attacks.

National Australia Bank's Ross McEwan, the CEO of the bank's parent company BNZ, revealed last week that NAB's digital channels receive approximately 50 million attacks every month. He further notes that this incident along with the recent cyber-attack on Optus in Australia is what keeps CEOs awake at night. 

The scenario

During the NZ economy's stress test scenario, the following scenarios will be experienced:

• In comparison to the peak in November 2021, house prices have fallen by 42% (47% from its peak in November 2021) 

• A 38% decline in equity prices has been recorded since December 2021 (42% in the past year). 

• At the same time, the unemployment rate rose from 3.3% to 9.3%. 

• During the period of the recession, the gross domestic product decreased by 5%. 

• A peak in the OCR has been recorded at 5.5%, as well as the peak in the 2-year mortgage rate of 8.4% (the average bank's 2-year rate at the moment is 5.8%, but the big five banks all have rates above 6%); 

• There is one more aspect of the economic scenario that banks must take into account and model as well, which is a cyber-risk event that occurs once every 25 years. 

A scenario like this has the potential to generate aggregate impairment expenses for banks of $20.8 billion over the next four years, which is higher than the $1.7 billion that has been incurred from the COVID-19 pandemic in the last four years, according to the Reserve Bank. During the second year of the four-year stress test, banks have been sinking into the red. 

During the stress test, the common equity Tier 1 ratio for the aggregate company fell by 3.3 percentage points to a minimum of 8.9% before mitigation. This is well above the regulatory minimum of 4.5% as shown in Figure 1 [below]. 

According to the Reserve Bank of Australia's report on its 2022 stress testing program, this annual solvency stress test was included in the Reserve Bank's stress testing program for the year 2022. Additionally, a liquidity stress test and a test to determine whether the residential mortgage portfolio is sensitive to flooding risks were also included in the study. As part of the Reserve Bank's Financial Stability Report released on Wednesday, the Reserve Bank will present a summary of the "high-level results" in these two areas. 

In its description of the stress test on solvency, the Reserve Bank thinks that it is predominantly a bottom-up exercise, where banks normally use their models, sometimes on a loan-by-loan basis, to estimate the impact of the Reserve Bank's specified scenario on capital ratios in the future. 

During the release of the instructions and templates for the solvency stress test, the company noted that it is the first time that these have been published publicly.

Venezuelan blackout due to cyber-attack, says president


Over the last two months, Venezuela has been going through a political and economic crisis with two claimants to the President’s chair and the US imposing sanctions to pressure the incumbent regime. Matters reached a head last week when opposition leader Juan Guaidó, who has declared himself acting President and has the support of the West, returned home after a self-imposed exile to cheering crowds in Caracas. He is trying to force out left-wing dictator Nicolas Maduro, President since 2013, who has declared himself the winner of a controversial election.

Guaidó, 35, was born in the beach town of Vargas, which was severely hit by flash floods in 1999. The family moved to Caracas, where Guaidó studied engineering. It was in 2006 that Guaidó emerged in politics, as one of the principal leaders campaigning for freedom of the press amid a crackdown by then President Hogo Chávez. Guaidó formed his party, Voluntad Popular, which is today leading the fight against Maduro. This year, Guaidó’s party declared him President of the National Assembly, the country’s Parliament.

Ever since the global crude oil downturn, Venezuela has slipped into an economic crisis. Its crime rate has doubled and inflation multiplied. The West-imposed sanctions have now led to a prolonged electricity blackout.

Seventeen people have died in Venezuela's massive power outage, "murdered" by the government of President Nicolas Maduro, opposition leader Juan Guaido alleged Sunday.

The blackout heightened tensions between the opposition and government loyalists, who accuse each other of being responsible for the collapse of the power grid.

Venezuelan president says complete blackout caused by 'an international cyber-attack' with support from within.
Venezuela's President Nicolas Maduro says the country's complete electrical failure has been caused by "an international cyber-attack" but that his administration has "defeated their coup".

Guaido, Venezuela's self-declared interim president, said Sunday that 16 states continued to be completely without power, while six had partial power. He said the private sector had lost at least $400 million from power outages.

Electricity was cut to 70% of the South American nation late last week, and officials warned that hospitals were at risk.’

"Venezuela has truly collapsed already," Guaido told CNN Sunday in an interview in a sweltering hotel room in the Venezuelan capital -- another byproduct of the blackouts.

The United States failed to establish deterrence in the aftermath of Russia’s interference

The United States of America has yet again neglected to build up deterrence in the consequence of Russia's interference in the 2016 election. And there is no surprise as to why it failed to do so. Which it did in light of the fact that Russia proceeded to forcefully employ the most noteworthy part of its 2016 toolbox: the utilization of social media as a platform to disseminate propaganda intended to debilitate or in simpler words weaken their country.

Former CIA Director Michael Morell and former Chairman of the House Intelligence Committee Rep. Mike Rogers, R-Michigan, said that Russia has continued its cyber-attacks against the United States. Both of them serve on the advisory council for the Alliance for Securing Democracy, say that the U.S. has neglected to prevent Russia from utilizing social networking to "disseminate propaganda designed to weaken their nation”.

"There is a perception among the media and the general public that Russia ended its social-media operations following last year's election and that we need worry only about future elections. But that perception is wrong. Russia's information operations in the United States continued after the election and they continue to this day," they wrote on Tuesday for The Washington Post.
As reported by them, the Russian government is as yet sending viable and effective tactics that focus on particular gatherings and politicians, much as they did earlier by controlling social media in the race to the 2016 election.

As per Rogers and Morell, Russian-influenced Twitter accounts were leading members in November's #BoycottKuerig movement via social media. The boycott started to dissent the coffee-maker organization pulling its advertisements for Sean Hannity's Fox News show.

"This was a Russian attack on a U.S. company and on our economy," Morell and Rogers said.

Morell and Rogers warn that Russia's utilization of web-based social networking as a "political weapon" that will continue pushing ahead in the future, with more nations expected that would stick to this same pattern, unless and until the U.S. intervenes.

"The sanctions that the Obama administration and Congress put in place in the aftermath of the 2016 election are steps in the right direction, but they were not significant enough to check Russian President Vladimir Putin," Morell and Rogers suggest.


Additionally included saying that true deterrence requires arrangements or such policies that keep adversaries from accomplishing their targets all the while imposing noteworthy expenses on their regimes, out of which they have done neither.