According to the Global Risks Report 2019, carried out by the World Economic Forum (WEF), cyber-attacks and data breaches represent the most likely risk to businesses across North America. This is followed by terrorist attacks, economic instability and a failure to adapt to climate change.
The threat landscape is continuously evolving, and businesses are become more reliant on technology. Companies are adopting an increasing number of interconnected devices – many of which are portable.
Additionally, more companies are starting to use Artificial Intelligence (AI) which – if not used wisely – may actually increase the risk of a security incident as attackers seek to exploit vulnerabilities in AI systems.
There is also increasing geopolitical tensions, which will inevitably contribute to a higher risk of state-backed cyber-attacks. Such attacks are typically designed to steal, extort or disrupt businesses in the target nation. However, high-profile hacking groups may target a nation’s critical infrastructure and services.
The Cosy of Cyber-Crime
According to estimates by the Center for Strategic and International Studies (CSIS), “the global cost of cybercrime may be as much as $600 billion”, whereas in 2017 global disasters cost around $306 billion. Despite these alarming statistics, businesses and governments are still relatively under-resourced.
Of course, unlike cyber-attacks, which typically involve the theft or disclosure of sensitive data, natural disasters present a much greater threat to human lives, and so it is understandable that charity organizations and government agencies focus their resources accordingly.
That said, if cyber-criminals are able to successfully disrupt critical infrastructure relating to healthcare, energy, food or finance, lives may be put at risk as a consequence. With the continuing growth of the Internet of Things (IoT), we will likely see an increase in the number of attacks on IoT devices. The FBI has recently issued a warning about how the IoT is “chronically insecure and wide open to potentially devastating cyber attacks”, and that these attacks could have “far-reaching national and even international consequences”.
The Way Forward…
According to the following post, “77% of businesses lack proper incident response plans”.
An incident response plan is a crucial element of a company’s cyber-security strategy. It typically involves research, planning and documentation about how the company will identify, contain, investigate, remove, recover and follow-up on security incidents.
While cyber-espionage is undoubtedly a serious threat, companies must be careful not to underestimate the potential damage that can be caused by their own employees. After all, employees pose a bigger threat to cybersecurity than criminal hackers.
Unlike strengthening perimeter defences to stave off malicious intruders, identifying and responding to insider threats requires a data-centric approach. It typically starts with some basic house-keeping, which involves discovering and classifying sensitive data, setting-up and documenting access controls, and then monitoring changes to these controls and the data they guard.
DCAP (Data-Centric Audit & Protection) solutions have come a long way in recent years and provide an invaluable set of automated tools which make the process of detecting, alerting and responding to insider threats a lot easier. For example, they can monitor access permissions, sensitive files and folders, and privileged mailbox accounts in real-time. They can also detect and mange inactive user accounts, suspicious login attempts, and provide automated password expiration reminders.
Companies must also be vigilant in defending their networks against ransomware, which remains one of the most troublesome forms of malware. Most Data Security Platforms using DCAP use “threshold alerting” to respond to events that match a pre-defined threshold condition, such as the bulk encryption of files, which can help to stop the attack from spreading.