Cyber-crime is on the rise around the world, driven by global connectivity and the increasing use of and reliance on cloud services. As organisations embrace cloud services, normal on-premises security or firewall controls and data governance processes no longer apply, which presents new challenges to businesses wishing to ensure the security of their sensitive data.
Coupling the increasing reliance on third-party cloud providers with the ever-increasing sophistication of cyber criminals means cyber security is more important than ever before.
Long gone are the days when antivirus software and a solid firewall were enough to protect your business. Cyber threats can come from any level of your organisation, from the simple yet extremely effective email phishing scams to the more sophisticated and targeted cyber security attacks, including ransomware and malware, designed to steal intellectual property and personal data or to prevent an organisation from legitimately accessing its own company data unless a ransom is paid.
We’ve already talked in-depth about the biggest threats to Cyber Security in 2020 and you can read the full breakdown in our recent post. To summarise, these are the areas we have identified as the five biggest threats to cyber security in 2020:
- Cloud vulnerability
- Sophisticated phishing attacks
- IoT-based attacks
- Vehicle cyberattacks
Cyber criminals are focusing on three key areas when it comes to attacking your business: Disruption, Distortion and Deterioration.
Another factor influencing the growing levels of global cyber-crime is a worldwide shortage of cyber security professionals. CNBC reported in 2019 that there were 2.93 million cyber security positions unfilled around the world.
This paucity of cyber security professionals has organisations asking themselves, “Do we really need cyber security?” We attempt to answer this as follows:
The importance of cyber security
Cyber attacks are the fastest growing crime in the US, increasing in size, sophistication, and cost. While investment in cyber security continues to grow (Gartner, Inc. forecasted a growth of 8.7 percent to $124 billion in 2019), it is not keeping pace with the US growth of cybercrime.
In a global context, in 2016, Cybersecurity Ventures predicted that by 2021 cybercrime would cost $6 trillion annually, up by $3 trillion from 2015. This represents a huge global increase in the scope and financial impact of cybercrime across the board. If you do not have a cyber security strategy or focus, now is the time to invest and ensure your business is protected, as much as it can be, from the threats of cybercrime.
Our increased reliance on technology is the reason cyber security measures are now so important. Whether in our personal lives or at work, we use technology as a solution to almost every problem. We store our passwords in third-party tools such as 1Password or LastPass and we keep our credit card and bank details in cloud storage services like Dropbox or Google Drive. In doing so, we open ourselves to the threat of cybercrime.
A big step in winning the fight against cyber-crime is acknowledging that no one, from individuals to large multi-nationals, is immune from the threat posed by cyber-crime. One of the worst things you can assume is that ‘it will never happen to me’.
Education is a crucial part of the strategy to combat cyber-crime and it is important that everyone in your organisation, from the CEO to the clerical staff, understands the potential risks when utilising your network and applications.
Why is cybercrime growing so quickly?
As we already discussed, the increased use of cloud services for storing sensitive data is one of the reasons why cybercrime is rising so significantly. Most businesses simply don’t have the storage and infrastructure to keep all their sensitive data in secure data storage facilities on-site. Even if they did, preventing users from adopting cloud services for some of their day-to-day business tasks is extremely difficult. Whether a business wants it or not, whether a business likes it or not, business users are likely to already be reliant on cloud services.
It also isn’t the case that you can be selective about what cloud services your users adopt. While it might seem sensible and even possible to simply block personal cloud services, doing so will have unintended consequences, such as making your organisation exceptionally unattractive as an employer to Gen X and Gen Y employees. And even if you “tie down” the desktop device, what will you do about the employees’ mobile phones and devices, which are likely also on your corporate network? Today, Bring Your Own Device (BYOD) = Bring Your Own Cloud (BYOC).
Social engineering remains the most prevalent form of cyber-attack, with ransomware and phishing being the most common attack vectors. Third-party and fourth-party vendors who process your data and have poor cybersecurity practices are another common attack mechanism, making vendor risk management and third-party risk management even more important. And with the distributed nature of cloud services, often housed in datacentres spread across the world for reasons of availability and redundancy, just how do you confirm that your data is stored in an accredited data centre, or even in a country or jurisdiction with laws similar to your own?
Other factors driving the growth in cybercrime include:
- The distributed nature of the internet
- The ability for cybercriminals to attack targets outside their jurisdiction making policing extremely difficult
- Increasing profitability and ease of commerce on the dark web
Protecting your business against cybercrime
Hopefully, this article has provided you with a wake-up call if your cyber security policy is not up to date, or worse still, you don’t have a cyber security policy.
According to the annual Cost of Data Breach Report conducted by IBM in 2019, it takes on average 297 days for organisations to identify and contain a cyber security breach. The lifecycle of a malicious attack from breach to containment is 314 days.
If you don’t have a cyber security policy in place, you are leaving yourself open, not only to a breach, but to the huge cost of recovery. The IBM Report states that a breach lifecycle under 200 days costs $1.2 million less than a lifecycle over 200 days. Detecting the breach as early as possible is obviously crucial in managing the potential cost impacts on your business and that’s where NEC can help.
Here at NEC New Zealand, we offer a wide range of cyber security services and solutions. Our cyber security experts are continually analysing the latest threat and vulnerability information collected from around the world and adding it to a “security intelligence” database and knowledge base.
NEC combines this “security intelligence” with our security platform and a Security Operations Centre that allows for real-time visualisation, to provide “Proactive Cyber Security Solutions” that implement proactive and effective measures before cyber-attacks occur. These solution offerings are known as the “NEC Cyber Security Platform.”
If you would like to find out more about the NEC Cyber Security Platform, or you would simply like to talk to someone about the cyber security needs of your business, drop us a line and we would be glad to provide you with a consultation.
Our suggestion is that you do so BEFORE you are attacked, before it is too late.