For the first time in a few years, I went to Infosec to catch up with a few old friends. Cyber security was one of my journalist beats – and I was surprised how sophisticated the attacks have now become.
The cyber security industry will boom this year, but ratings agency Moody’s suggests most organisations are unprepared for attacks.
According to research by IBM, it takes 280 days to find and contain the average cyberattack, while the average attack costs $3.86 million. Cybersecurity Ventures predicts global cybercrime costs to grow by 15 percent per year over the next five years, reaching $10.5 trillion USD annually by 2025. As CyberCrime editor @Steve Morgan says, “If it were measured as a country, then cybercrime — which is predicted to inflict damages totaling $6 trillion USD globally in 2021 — would be the world’s third-largest economy after the U.S. and China.”
But the growing industry signals that threats continue to rise and as they do, four global issues are driving an exponential rise in cyber-attacks:
1 – The Great Resignation
The sustained mass exodus of employees worldwide carries an increased risk in the volume of disgruntled employees – the greatest source of internal breaches.
Breaches, such as data theft, accidental exposure combined with hybrid working are mild compared to serious grudges that have shown employees to leak data or give ransomware hackers access to the companies.
According to research from Code 42, there is a one in three (37%) chance your company loses IP when an employee quits. Almost all companies (96%) experience challenges in protecting corporate data from Insider Risks and 73% report Insider Risk is a big problem within their company.
2 – War in Ukraine
The UK’s National Cyber Security Centre (NCSC) has warned businesses to suit up to defend from long-term cyber-attacks – and to ensure cyber security staff don’t become burned out due to the sheer scale of the task ahead. Many of these will be fuelled by the conflict in Ukraine.
Paul Maddinson, NCSC Director for National Resilience and Strategy, said: “From the start of the conflict in Ukraine, we have been asking organisations to strengthen their cyber defences to help keep the UK secure, and many have done so. But it’s now clear that we’re in this for the long haul and it’s vital that organisations support their staff through this demanding period of heightened cyber threat.”
According to research from Appriver, 93 percent of survey respondents believe as foreign adversaries attempt to breach national security or wage cyberwar, they will use small businesses such as their own as entry points. Among them, two-thirds expect this threat to become even more severe.”
3 – Inflation
Okay – bear with me on this one.
Crypto is the currency of choice for the cyber criminal. In fact, the criminal. Crypto prices have fallen over, with hundreds of billions of dollars of value – gone. One of the reasons for this is the increase in mining costs of crypto as energy prices have shot up amid rising inflation.
These circumstances are pushing cybercriminals to rethink how they operate, moving them away from crypto and back to more traditional cybercrime that pays out in hard currency. Trojan horses, malware and phishing attacks etc can be much less detectable than going head to head with a corporate.
In other words, inflation is changing the nature of attacks and the effort vs risk vs output equation has changed.
4 – Hybrid working
Finally – with so many employees and employers uncertain about how they should work for optimum productivity vs life balance, hybrid working is set to stay. Only this opens many security challenges for companies. Unsecured home networks, use of personal devices and even distraction are all contributing factors.
Research by Deloitte details that a quarter of employees have noticed an increase in attempted cyber attacks since the pandemic.
So, it’s no surprise that 55% of IT leaders said that their top challenge is training employees on how to securely and compliantly work from home.
If your organisation needs to evolve – in product, strategy or engagement, why not get in touch. We’d love to help you.