Defense specialists and cybersecurity professionals alike speculate that modern fighter jets face more of a threat from hackers and malicious code than they do from conventional means of warfare. It stands to reason that if cyberthreats are so daunting from a military perspective, they’d be at least a little intimidating for your average citizen.
And so, it is. Cyberattacks have grown to become a multi-billion dollar drain on the economy. Threats in 2020 were estimated to have cost businesses upwards of 20 billion dollars (more than the sum of the totals of 2018 and 2019 combined) and this number is only expected to rise in the future. With the dawn of IoT and the hybrid workspaces, the potential cost of a cyberattack is now substantially greater, in terms of both scope and ferocity.
While Senior IT and Tech professionals were found to lack confidence in the corporate sector’s ability to defend itself against these threats, attacks themselves saw an almost unprecedented surge. Malware attacks tripled in number between 2018 – 19 and ransomware attacks quadrupled, while nearly 80 percent of tech executives reported a lack of confidence in the corporate sector’s preparedness for these threats in a survey conducted earlier in the year.
With employees returning to their workplaces around the world, IT as a function has evolved rapidly to meet the needs of a pandemic-ridden global workforce. With the vast majority of office-goers expected to be completing at least part of their former duties remotely, the need for a secure environment has never been direr. Where a company could once rely on locally-housed, externally inaccessible servers to secure themselves, systems today are spread thin, with every home, every router, and every phone being a point of entry, and thus a potential point of compromise.
Let’s look into a few threats that companies need to be on the lookout for and what a potential attack could entail:
Ransomware and the point of compromise – Loss of data and credentials
When systems are connected to the internet, they become potential targets for a variety of cyberthreats. While you might picture a compromised system as one that starts blaring alarms and displays warnings, your most dangerous threats are from snippets that sneak in undetected.
The original breach could be disguised as something as innocuous as a single employee receiving an email from a long-lost friend. Simply opening this email could bear tremendous consequences for the entire organization.
By hopping from system to system through address books and network traffic, this code can find its way onto the majority of your system before triggering an event, and when it eventually does so, a company could lose access to half its customer data.
This ‘event’ will often be followed by correspondence from a malicious party demanding payment in return for restored access. This is what is known as a ransomware attack, and you might have heard of the term a few years ago. Ransomware attacks saw a sudden explosion during 2016 but had become less popular overtime. They saw a resurgence last year (recall that we mentioned them quadrupling between 2019 and 2020) and are now one of the most prominent threats in the cybersecurity domain. Did you know that half of all companies that fall victim to ransomware end up paying the ransom, and that the average cost of a ransomware attack is a staggering $234,000 dollars? Those are frightening numbers.
And it doesn’t end there. Ideally, your data is encrypted to the point where it can’t be ‘stolen’ per se, just ‘held captive’. In this scenario, a hacker may be able to deny you entry, but they can’t get to the contents of the data itself. But that’s an ideal scenario, and more often than not the hacker will be able to extract your data and sell it off to the highest bidder to supplement their income. A business suffering from such an attack on their customer data, for example, will not only lose the trust of every customer whose data is compromised, but also hundreds of thousands of dollars in potential sales in the form of leads.
The Internet of Things has made it so that every other device in today’s households connects to the internet. Because these devices often offer only very limited functionality, their design process doesn’t include much cyberthreat consideration. It doesn’t matter much if your digital wall clock is hacked into displaying the wrong time, after all.
Except that it does. The “smart” device that is compromised could allow remote access to your local network where programs and data can be accessed. Basically, once a device is compromised or has a vulnerability that is exploited, it plays a key role in launching an attack.
Phishing is still the most prevalent means of compromise and is the only type of social engineering technique that “from home” workers are susceptible to. Social engineering refers to ways in which cybercriminals deceive end-users into giving away vital or sensitive information. A potential victim will receive an email or text from a domain that sounds almost legitimate (something like email@example.com), asking them to click a link or confirm their credentials. If the victim accepts, they’ll have willingly given away critical information to someone who could use it to inflict harm.
A simple anti-virus just doesn’t cut it
When it comes to threats like phishing, potential victims can avoid being compromised by just being mindful. But this is not the case for all threats.
The majority of threat prevention and detection practices have to do with securing and instilling oversight upon the identity and access management domain. This means managing and securing credentials to ensure that no one can access them and utilizing techniques like multi-factor authentication to ensure that systems aren’t susceptible to a single point of failure.
This is why simply investing in an antivirus or firewall alone, or other similar software, simply doesn’t cut it anymore. Critically, any software can only secure the machine it is installed into, and even then, it can only manage security with respect to that machine.
A cybersecurity firm, meanwhile, can build you a solution, from the ground up, that is tailored to your business needs. This process invariably starts with a cybersecurity audit of your company, to assess your current preparedness and your greatest vulnerabilities. Then it’s a matter of meticulously securing each endpoint and compliance and/or governance issue to arrive at a system that is robust enough to handle the threats of tomorrow.
As cyberattacks become more and more nuanced and personalized, so to must our means to defend against them. This is why tomorrow’s cybersecurity solutions must evolve beyond a single software or software suite, and involve the same kind of attention-to-detail that hackers are investing into designing their tech. In a clash between two multi-billion-dollar industries, cybersecurity and cyberthreats, wouldn’t you want to come out on top?