This isn’t the first blog you’ve read about cybersecurity, and it won’t be the last. With security breaches increasing 67 percent over the past five years and the average organization’s cost increasing from $1.4 million to $13 million for every breach, cyber defense is top of mind for businesses of every size and industry (Accenture).
Consider this: one in five cyberattacks comes from inside the organization (Cybraics). Yet, most cybersecurity tools only address external threats. That’s an unacceptable defense gap, but one that can be reduced significantly with a comprehensive strategy to combat attackers. Regrettably, many organizations take a one-sided approach to cybersecurity.
Cybercrime is nothing new, but four types of threats stand out in 2019:
These threats pose new challenges to businesses because they often manifest internally. Let’s review these threats and the tactics that will shape cybercrime in the coming years.
Vulnerabilities are easier than ever for cybercriminals to exploit. Even amateur hackers can carry out sophisticated attacks by simply purchasing cybercrime “toolkits” for as little as one dollar on the dark web (Cybersecurity Ventures). Hacking tutorials, DDoS-for-hire services, and remote access Trojans require little technical know-how and are easily available for anyone with access to a search engine—no wonder 61 percent of hackers begin before the age of 16 (ZDNet). The point is, the threat can come from anywhere, be it a foreign government’s cybercrime division or a high schooler typing on a keyboard sticky with toaster strudel residue.
An increasingly popular access point for cybercriminals is web applications. As businesses build out their digital capabilities to bolster their customer experience, they also create opportunity for cross-site scripting (a method of adding malicious code to legitimate websites). It’s a pervasive problem; 94% of websites have a high-severity web application flaw that can be leveraged to plant a rogue chat bot (GeekWire). Imagine the damage done when a customer visits your site and their first contact point with your company tries to steal their data or dump malware on their computer. That’s why it’s crucial to develop your web apps with a clearly defined process emphasizing quality assurance and testing.
Remember when hackers stole 40 million credit card numbers from Target? The breach didn’t come from a phishing email or malware, it originated in the retailer’s supply chain. Cybercriminals used stolen credentials to break through a vendors’ billing system, enabling them to access Target’s own customer data. The key lesson? Cyberattacks can originate inside the organization, too. Take precautions to ensure your partner and vendor network is secure, while carefully managing internal employees’ access to encrypted storage. Breaches from inside your business can be caused by actions as simple as user error, or they could be as malicious as intentional data theft. Don’t take any chances.
As businesses leverage the Internet of Things to connect their workforce and improve customer engagement, they open up holes in their defenses. Bring Your Own Device (BYOD) policies are trending, but security professionals know them by a different name: Bring Your Own Disaster. Managed and unmanaged devices in a mobile workforce network are susceptible to attack, and only 15% of security professionals surveyed had an inventory of the IoT devices connected to their systems (Ponemon Institute, Second Annual Study on The Internet of Things: A New Era of Third-Party Risk). Building out these inventories and vigilant monitoring of suspicious activity can help mitigate these threats. If you want more than a bandage, consider a security partner that can focus all of their energy on locking down your device network.
Companies of all sizes are equally exposed to cyberthreats, and they can leverage many of the same tactics to shore up their defenses. Smaller firms can create their own security operations center to keep security scalable as they grow.
Meanwhile, external forces are changing how all organizations approach security. The European Union’s GDPR (General Data Protection Regulation) has already forced international companies to change their policies, and experts predict the U.S. will pass its own version of the regulation, pressuring domestic companies to proactively adapt to new standards.
Moreover, the demand for qualified cybersecurity professionals is outpacing the workforce; an estimated 3.5 million cybersecurity jobs will be available but unfilled by 2021 (The New York Times).
Cybercrime is the greatest threat in modern history. Every day hackers, terrorists, and nation states are looking for new ways to infiltrate and attack corporations around the world. Pyramid Consulting helps our partners fortify their businesses with a full spectrum of cybersecurity solutions, implementations, and approaches. We start with an evaluation of your people, process, and systems and provide recommendations in each area to boost your security team ROI. Partner with Pyramid Consulting for proactive solutions not only to mitigate existing threats, but to prepare for future ones as well.