How do cyberattacks really affect us?

How do cyberattacks really affect us?
Computer code is seen on a screen above a Chinese flag in this July 12, 2017 illustration photo. REUTERS/Thomas White/Illustration
While most people might not necessarily still be running Windows Vista on their home computer, this kind of hack is a real threat to large companies or government departments because they don’t swap their computers out as often.

What exactly are cyberattacks?

  • If you think about a cyberattack, you might come up with the image of a hacker in a dark room, typing furiously on a computer as green code runs across the screen faster than we can read. Well, it’s not quite that sexy.
  • Cyberattacks can take all sorts of different forms, but the basic definition is any deliberate hacking of computer systems to collect data, alter the system, exploit people, the system works or expose pieces of the system.
  • The most common type of cyberattack is called ransomware, which is a kind of hack that holds a system or the data in it hostage unless certain criteria are met (usually a cryptocurrency payment).
  • Ransomware is only one kind of hack though; some hackers collect classified information, others simply overload a system, making it completely unusable.
  • Some attacks are even just done to test or stop a system, and make it easier to complete a future hack.
  • Ransomware doesn’t just attack individuals; there are cases where the computer networks for entire towns are held hostage, stopping government payroll, preventing people from paying their bills and locking workers out of their files.

Can’t you just download antivirus software?

  • Well, it isn’t quite that simple.
  • Antivirus software is almost always a good thing, but saying it solves every cybersecurity problem is kind of like saying installing bulletproof windows in your home will protect you from getting struck by lightning.
  • See, lots of hacks take advantage of vulnerabilities in the technology itself and not necessarily through brute force.
  • Sometimes hackers get in through bugs in updates, and other times they get in because new-age hacking is more advanced than the security of older devices.
  • For example, one type of attack, called a teardrop attack, focuses on the Windows Vista or Windows 7 operating systems, because of the somewhat outdated way the systems transfer data.
  • While most people might not necessarily still be running Windows Vista on their home computer, this kind of hack is a real threat to large companies or government departments because they don’t swap their computers out as often.

What can happen if a business is attacked?

  • It depends on what that business does, but it’s becoming clear that cyberattacks can disrupt production and distribution networks, causing some pretty big problems.
  • One major instance of this happening occurred earlier this year, when the Brazil-based JBS, was hit with a ransomware attack that forced it to shut down several plants in the United States and Australia, shaking beef markets globally.
  • JBS quickly paid US$11 million in ransom to the hackers to get the systems back online, resulting in under a day’s loss of production.
  • If the problem had persisted and gotten passed down the supply chain though, because four companies, JBS being one of them, handle most of the US’ cattle for beef, your wallet may have felt it at McDonalds while buying a burger.
  • Another cyberattack from this year, which targeted a software provider, affected hundreds of different businesses around the world, including one of Sweden’s largest grocery chains, temporarily shutting down 800 stores across the country.

So, just stick to non-perishables?

  • You’re welcome to keep all the beans you want in your cabinet, but grocery stores and meatpacking plants aren’t the only ones at risk for cyberattacks.
  • Another example of a cyberattack affecting important supply chains when, in May, when the Colonial Pipeline Company was hit an attack that disabled a major supply of fuel in the southeastern part of the US for several days.
  • As a result, people went into a panic-buying frenzy, causing gas shortages and price spikes in some places. According to travel app GasBuddy, about 1,800 stations across the US were left without fuel.
  • “It’s more likely that fuel shortages will be a result of panic buying from consumers watching the headlines unfold, as opposed to shortages directly caused by the attack,” the former industrial control systems director for the Cybersecurity and Infrastructure Security Agency (CISA) said Marty Edwards to Reccode, .
  • “This is something we saw with Covid and grocery stores selling out of household items,” he said. “Regardless, it shows the impact cybersecurity has on our everyday lives.”
  • But these cyberattacks involve another factor that needs to be considered; the group involved in the hack is believed to be based in Russia, and it attacks primarily Russian rival countries.

Does that make this some sort of geopolitical act of war?

  • It isn’t being treated quite as dramatically as that, but there is still some question as to how cyberattacks should be treated.
  • These groups aren’t necessarily sponsored by the Russian government, but the Russian authorities typically turns a blind eye to them if they attack Russian rival countries.
  • But some, such as Joshua Rovner, who was scholar-in-residence at the National Security Agency and US Cyber Command until 2019, says that cyberattacks more closely resemble the types of “intelligence contests” that were seen during the Cold War.
  • These intelligence contests, he writes in War on the Rocks, should be treated as being indefinitely long and numerous, like spycraft and espionage were at the time, and are really meant to collect and use information to change positions on the global scale.
  • Rovner doesn’t argue that the things at stake in these contests aren’t important, but just that they’re fundamentally different from direct contests (such as military battles), because they provide ambiguous results with no clear victory or loss.

So, what’s next?

  • Well, Biden is working to protect critical American infrastructure from cyberattacks, even signing an executive order that set up “cybersecurity performance goals” for companies to voluntarily meet.
  • But as a global challenge, cyberattacks are here to stay.
  • Generally speaking, the cyberattacks scale remarkably well in terms of how effective they work and can target anyone from individuals, to companies, to governments.
  • It looks like some of the problem solving will have to happen on the cybersecurity front, while some will have to happen diplomatically.
  • Ultimately, though, we will all probably see the effects of cyberattacks at some point. Whether it’s through supply chain problems like in grocery stores or gas pipelines, or whether it’s through new security measures we use regularly, like two-factor authentication.

Have a tip or story? Get in touch with our reporters at