{"id":14511,"date":"2021-09-10T16:10:57","date_gmt":"2021-09-10T15:10:57","guid":{"rendered":"https:\/\/www.innovationnewsnetwork.com\/?p=14511"},"modified":"2021-09-23T09:09:21","modified_gmt":"2021-09-23T08:09:21","slug":"only-cyber-security-investment-can-tackle-the-growing-threat-of-cybercrime","status":"publish","type":"post","link":"https:\/\/www.innovationnewsnetwork.com\/only-cyber-security-investment-can-tackle-the-growing-threat-of-cybercrime\/14511\/","title":{"rendered":"Only cyber-security investment can tackle the growing threat of cybercrime"},"content":{"rendered":"
<p>From 2015 onwards, the scourge of ransomware attacks on small, medium, and large enterprises grew at a phenomenal rate and moved from a cottage industry to sophisticated operations run from globally connected criminal havens. Since 2012, those of us working in cyber threat intelligence and the cyber-security industry predicted the cybercriminal growth trend, but even the most audacious estimates of growth fell woefully short of the reality.<\/p>\n<p>It is estimated that the cost of ransomware to businesses will top $20bn in 2021 and that global damages related to cybercrime will reach $6 trillion. The estimate includes the cost to restore and mitigate following a ransomware attack and is not limited to actual ransom payments.<sup>1<\/sup><\/p>\n<p>No board members, executives, managers or even members of staff should be unaware of the relentless cyber-attacks and cyber-security challenges: they are in the news almost daily in one form or another. It could have been a customer of yours, a supply chain partner of yours or even your organisation itself which has fallen victim. Anyone who has endured a ransomware cyber-attack knows all too well the inconvenience and the difficulty of returning to normal operations. It is not as if anyone can ignore the warning that \u201cyour files have been encrypted\u201d.<\/p>\n<p>Although the mainstream media covers the big stories, there is one key point which is often missed in the breathless reporting of the internal state of an organisation as it battles to regain control from a cybercriminal attack. 
The key takeaway is that ransomware is a failure of the organisation\u2019s cyber-security measures \u2013 regardless of the \u201csophisticated\u201d or even \u201cpredictable\u201d nature of the attack.<\/p>\n<p>The frustration of watching a cyber-attack unfold inside an organisation comes from the realisation that there are several perfect moments during and before the attack where the damage could have been prevented or the attack avoided altogether. Although technical security controls play a role in a data breach, the key question to ask after the dust settles is: \u201cWhat could we have done before the attack happened?\u201d The answer is equally straightforward: make the business case for proactive investment in cyber-security.<\/p>\n<p>Kaspersky has startling data from a 2020 survey that really underscores the importance of proactive cyber-security investment. Here are a few of the highlights from their data:<\/p>\n<p><b>Financial losses<\/b> – 32% lower in enterprises that could detect a breach almost instantly, compared to those that did so in a week or longer.<sup>2<\/sup><\/p>\n
<p><b>IT lifecycle management<\/b> – the cost of a data breach rises by 47% to an estimated $1.3m in enterprises that still deploy outdated technology, compared to $836k where all software and hardware are up to date.<sup>2<\/sup><\/p>\n<p><b>Data Retention & Collection<\/b> – enterprises that collect customer data lose 62% more ($1.3m) than peers that do not ($807k).<sup>2<\/sup><\/p>\n<p>There is a lot of solid data to unpick here, and in terms of research into the economics of cyber-security, this study contains a lot of data you can use to drive a complete change in your enterprise\u2019s approach to confronting a data breach and ransomware attack.<\/p>\n<p>Firstly, there is no question that the sooner the attack is detected, the more the financial loss will be limited: this is straightforward. However, because ransomware operators attempt to mass-exfiltrate the organisation\u2019s data to use as public disclosure leverage in efforts to coerce the ransom payment, detecting and stopping that activity will be a key cost-reduction factor. This alone should drive cyber-security investment into the appropriate tools and training for your organisation.<\/p>\n<p>Secondly, anyone who has been working in cyber-security can generally apply the rule of thumb that \u201cthe older the IT system, the more vulnerable it is.\u201d For the first time, we now have data to support that assumption, and the near 50% saving in data breach costs from investing in and supporting IT lifecycle management is a number worthy of our attention. Ensuring those older and vulnerable systems are minimally exposed to the internet and protected via MFA, VPN and WAF will help mitigate the exposure. 
It is highly likely that the biggest improvement in organisational cyber-security posture will be the replacement of those vulnerable systems.<\/p>\n<p>Thirdly, holding less customer data does seem to equal less organisational risk: that has always appeared self-evident. Now we can quantify the amount: more than 60% of organisational cost savings are realised in a data breach scenario by reducing data sprawl and archiving non-operational data. With less data to steal from your organisation, the cybercriminals will have far less leverage over it.<\/p>\n<p>So, within your enterprise, who is listening to what companies like Kaspersky and others are saying about the economics of reducing data breach costs? Who can take that data and apply it to your organisation? It is the job of the cyber threat intelligence team to understand the risks, threat models and opportunities for proactive cyber-security recommendations.<\/p>\n<p>The cyber threat intelligence programme works across the organisation to predict attacks and prevent them from happening. It identifies and protects the most vulnerable systems and makes recommendations on opportunities to reduce risk by discovering data that is no longer required: these tasks form the ultimate proactive cyber-security capability of your organisation, and this work could dramatically decrease the cost of a data breach and ransomware attack.<\/p>\n<p>References:<\/p>\n
<p>Ian Thornton-Trump, the Chief Information Security Officer at Cyjax Ltd, discusses the necessity of widespread cyber-security investment.<\/p>\n","protected":false},"author":9,"featured_media":14515,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[596],"tags":[530,885],"acf":[],"yoast_head":"\n\n