Until recently, governments and financial firms were the primary targets of cyber attacks. Today, with every company integrating more of its business with the Internet, the threat is worldwide. Consider the havoc wreaked by the three recent events. From 2011 to 2014, energy companies in Canada, Europe and the US were attacked by the cyberespionage group Dragonfly. In May 2017, WannaCry ransomware held hostage private and public businesses in telecommunications, logistics and healthcare. In 2017, NotPetya ransomware also attacked major European companies in a wide variety of industries. In 2018, Meltdown and Spectre were exposed as perhaps the largest cyber threat of all, because the vulnerabilities are not just in the software but in the hardware too.
Little wonder, then, that organisations now consider cyber risk to be the largest risk to their company. Executives are overwhelmed by the challenge. The threat is constantly getting worse, as growth in the majority of industries depends on new technologies such as AI (Artificial Intelligence), IoT (Internet of Things), OT (Operating Technology) and advanced analytics, which will certainly bring all types of benefits but will also expose businesses and their customers to new kinds of cyber attacks.
So what should executives do? The threat is too significant to wait around, and the underlying vectors on which attacks are carried are changing too swiftly. To increase their resilience to cyber attacks, businesses must adopt a new position: a calculated, comprehensive and tenacious approach.
The US Government has identified cybersecurity as 'one of the most serious national and economic security challenges they face as a nation'. Globally, the threat from cyber attacks is expanding in both potency and numbers. Consider these figures: some companies invest up to $500 million in their cybersecurity; globally, more than 100 billion data sets are breached annually. The majority of companies report thousands of attacks every month, ranging from the very serious to the commonplace. Every year hackers produce 120 million new variants of malware. Some businesses now have 2,000 people reporting to the CISO, who in turn reports to the CSO, who has an even bigger team. The information that apps most often leak is phone numbers (63 percent) and device location (37 percent) (Symantec).
Nearly all workers now routinely access corporate data from smartphones, and that means keeping sensitive information out of the wrong hands is an increasingly complex puzzle. The stakes are higher than ever: the average cost of a corporate data breach is a whopping $3.86 million, according to a 2018 report by the Ponemon Institute. That's 6.4 percent more than the estimated cost just one year before.
While hackers are developing their skills, businesses are going digital, and that makes companies easier to attack. Assets ranging from distribution networks to customer data and new product designs are all now at risk. Built on the simplicity of digital connection, digital value chains are growing more complex, tying together thousands of people, myriad servers, workstations and countless applications.
Businesses may have a state-of-the-art firewall and the most up-to-date malware detection software. They may also have well-tuned security operations and incident response processes. However, what about third-party suppliers, which could be the weakest link in a business's value chain? They may have signed a nondisclosure agreement, but can organisations make sure that their suppliers' cybersecurity is up to date? An attacker's entry point can be as small as a Wi-Fi enabled camera that is used to take images at a corporate retreat. Some recent cases of IP theft at media businesses targeted third-party post-production services with inferior cybersecurity.
In the past, cyber risk primarily affected IT. However, as IT grows and more organisations connect their production systems to the Internet, operating technology (OT) is under threat as well. The number of vulnerable devices is increasing dramatically. In previous years, a large enterprise network might have had 500,000 to 50,000 endpoints; with the IoT, the system expands to millions of endpoints. However, the majority of these are older endpoints with no security at all. By 2020, the IoT may comprise as many as 30 billion devices, and a lot of them will be outside corporate control. Already, smart homes, cars and smart apparel are all prone to malware. The most expensive component of a cyber attack is information loss, which represents 43 percent of costs (Accenture).
Enterprise cybersecurity is struggling to keep up with the intense pace of change in cyber risk. There are three main problems:
Throwing resources at the problem: Some organisations try to spend their way to success, assuming the threat will go away if they persuade high-profile hackers to join the business's ranks. However, even the finest hackers don't stand a chance of anticipating and fighting off tens of thousands of cyber attacks on millions of different devices in a complex network.
Treating the risk as a compliance issue: Some businesses introduce new cybersecurity protocols and checklists seemingly every day. However, these efforts often bring an undue focus on formal compliance rather than real resilience. Even when all of the boxes on the CISO's checklist are ticked, the business may be no less vulnerable to attacks than before.
To ready global businesses for an age of all-encompassing connectivity, executives need a more adaptive, more thorough and more collaborative approach to cyber risk. Here at SaltDNA we take all factors into consideration to suit your business's needs.
Adaptation is essential: eventually every organisation is going to be affected by a cyber attack. A business's processes, IT, IoT and products must be reviewed and adjusted as cyber threats evolve.
Cyber risk must be treated as a risk-management issue, not an IT problem: It is just like any other complex, critical, non-financial risk. Key elements of its management include the prioritisation of relevant threats, the determination of a business's risk appetite and the definition of initiatives to reduce risk. Additionally, the organisation needs to put in place a structured approach in order to bring transparency and allow real-time risk management.
If you would like to change your outlook on your organisation's cybersecurity, consider SaltDNA. We understand that the security of mobile communications in today's global business environment is paramount; that's why SaltDNA is built with the features and technology to keep your communications private and compliant.
If you have any questions about this article, please contact us on firstname.lastname@example.org and we'd be happy to assist you in any way.
SaltDNA, ranked in the top half in the Cybersecurity 500, provides a fully enterprise-managed software solution that enables absolute privacy in mobile communications. It is easy to deploy and uses multi-layered encryption techniques to meet the highest of security standards. The SaltDNA Desktop and Mobile apps are intuitive and easy to install and use. The SaltDNA Communication Manager provides a console for tight management of users and can be configured for the management of regulatory compliance. SaltDNA is headquartered in Belfast, Ireland. For more information, visit www.saltdna.com.