Cybersecurity has been a priority for businesses for many years. However, even with investments in security processes and technology, cyberattacks are commonplace across all industries. Incidents over the years show that cybercriminals have kept busy honing their craft, and cybersecurity incidents have increased across the board. Not only has the number of incidents risen, but the perpetrators have also become more sophisticated, adapting swiftly and targeting victim companies more effectively.
Given the increase in attack sophistication over the years, it is imperative to establish new rules of the road for risk management and cyber fraud prevention. One needs to keep in mind that the ‘bad guys’ operate as a business. They are organized, tenacious and constantly augmenting their methods. Their objective is to make money whilst expending the least amount of effort in the shortest time.
Challenges in cybersecurity
There have been many challenges on the path to achieving a more secure digital environment. Recently, the major challenge has been the global pandemic and the subsequent necessity to alter work and operational processes. The new vulnerabilities that emerged from shifting to a remote workforce have enabled hackers to exploit employees working from home offices.
The COVID-19 pandemic has given cybercriminals a unique window of opportunity to play on human defenses. The US Federal Trade Commission received 1.4 million reports of identity theft last year, double the number from 2019. With remote workers less cautious and, as a result, more vulnerable outside of their organizations’ network perimeter, and with the widespread adoption of web- and cloud-based applications, cyberattacks have become more common and much more dangerous. Data leakage continues to be a significant blind spot for businesses, and now we are stretching our perimeters by working remotely.
In addition, the cost of breaches has risen consistently over the last few years. Considerable investments have been made to strengthen security postures. Despite all the effort put into protecting systems and data, cloud breaches are likely to increase in both velocity and scale. Google registered 2,145,013 phishing sites as of January 17, 2021. This is up from 1,690,000 on January 19, 2020 (up 27% over 12 months).
The state of cybersecurity readiness
While businesses know cybersecurity is a major concern, many of them are not prepared to tackle the increasingly sophisticated ploys of cybercriminals. Nearly 80% of senior IT and IT security leaders believe their organizations lack the necessary protection against cyberattacks, despite increased IT security investments made in 2020 to deal with distributed IT and work-from-home challenges.
It’s staggering, yet somehow not surprising, that 20% of organizations worldwide have no plans when it comes to protecting themselves against cybercrime events.
These stats reveal that there are gaping holes and vulnerabilities in business networks for cybercriminals to extend their attack strategies.
Financial institutions must take a proactive approach
Financial services organizations and other businesses that are responsible for the security of customer financial data need to be agile and vigilant in their cybersecurity efforts. The high value of financial data, including Social Security numbers, banking details, and more, makes them a lucrative target.
It is interesting to note that financial firms are not breached as frequently as those in other industries such as healthcare. However, when they are breached, the incidents tend to be much greater and more detrimental than those experienced by other industries. For example, even though 7% of breaches in 2019 occurred at financial services companies, 62% of all records leaked in that same year were from financial organizations.
Managing risk and strengthening cyber fraud immunity
Businesses have made strides to address rifts in security processes by integrating cybersecurity into business operations and IT infrastructure. However, there is still an enormous volume of work to be done. Bolstering security postures is a complicated and continual task.
An important step towards this complex undertaking is to study the latest stats. Cybersecurity statistics have an empirical value, as they can point to gaps and growing threats and alert us to trends. The challenge, however, is to translate the data into practical and agile risk management strategies so that we can better protect ourselves. The alarming cybersecurity statistics for 2021 are a call to take the risk management mission more seriously.
Organizations need to prioritize investing in security solutions that help reduce the risks, and they need to create and test an incident response plan to help ensure the business is resilient to high-risk attacks. A good practice is to engage security specialists to use the same techniques as the ‘bad guys’ to see if they can bypass the controls. Businesses need to ensure they have a trusted backup of their key systems and a tested and practiced recovery plan in case those systems are compromised.
Another important, but often overlooked, way of safeguarding against cybersecurity assaults is through education: teaching employees to be more aware of safe computing practices. You should conduct “tabletop exercises” to test how your business would respond to a cyber-incident, not just how your IT department would respond. Also, ensure the staff knows how to identify a potential incident and where to report it.
Thanks to the current macroeconomic factors, every business these days is a technology business due to the digital transformation. The world will store 200 zettabytes of data by 2025 on private and public IT infrastructures, cloud data centers, on personal computing devices, smartphones and on IoT (Internet-of-Things) devices. This is the reason cybercrime will cost the world $10.5 trillion annually by 2025. We must accept the reality that things will go wrong, but when they do, the impact can be minimized through education, rapid detection, response and recovery.