A war waxes and wanes, so they say, but the war in cyberspace between enterprise and the criminal fraternity has taken on a fairly linear trajectory. Unfortunately, it’s been a downhill one: the majority of modern businesses can expect to suffer some form of attack or infiltration in 2020. Criminal activity online took a substantial and quantitative leap forward during 2018 - 2019, demanding tight security from enterprise going forward.
Worse still, according to Hiscox’s Cyber Readiness Report of 2019, attacks documented in 2019 carried a median cost associated with overall losses of some $369,000, up from the previous figure of around $229,000. Until now, it was possible to find business owners who had never experienced a cyberattack or even a phishing attempt. Perhaps a new generation of black hatters is swelling the ranks, making for thin pickings, thus compelling all to spread the net. For whatever reason, cyberattacks seem to be heading for saturation, after years of notable, unwelcome-yet-still-moderate statistics.
Cyberattacks are on the rise in London, and other countries are hot spots among online criminals’ favourite targets. The latest figures, gleaned from 5,400 companies that shared information for the Hiscox report, show that Belgian companies are unfortunately the most common targets in the world, while US companies are the least likely to have suffered an attack.
Cybersecurity has evolved, and it’s important to remain current
According to other figures, during 2018 enterprise experienced a 350 percent rise in ransomware attacks and a 250 percent rise in business email compromise (BEC) attacks. Spear-phishing (which involves a more targeted phishing attempt on a specific enterprise or its staff members) has risen by 75 percent. This last statistic is particularly worrying, as it involves a more determined cybercriminal who’s done some homework before targeting a company. In particular, companies that have large external supply chains, overseas suppliers, or simply a regular practice of paying suppliers online (who doesn’t?) are experiencing a far greater volume of spear-phishing attacks.
The term endpoint security has become a current watchword, and it’s the logical response to a more decentralised work arena. Essentially a centralised strategy that ensures the integrity of each and every device logging into a company’s network, it expands office cybersecurity to follow people wherever they choose to work, or on whatever device. Servers and PCs, tablets, smartphones and IoT devices of any kind that company members employ to access the main database are endpoints, and the modern firewall has recognised the need to ensure such points of operation are super secure as a basic component of cybersecurity.
The criminal fraternity is turning its eye towards end users in a corporate system - the staff - and targeting individual devices of (often) those in accounting who effect payments, or those peripheral to the payment process who might request a payment when duped into doing so.
Spear-phishing attacks often show a remarkable degree of sophistication, where it’s obvious the crooks have monitored the company’s behaviour for some time. Names of suppliers, supplier invoice details, payment methods and other crucial information allow them to present phishing attempts as nothing strange, but merely a common event in a normal day in the office. Through a combination of cheek and recognisable data - the correct data is employed to present a fake invoice or other false request for access - phishing far too often succeeds.
Indeed, endpoint security is nothing but a logical approach to managing BYOD adoption worldwide. As if you couldn’t tell, BYOD stands for “bring your own device” and, in an era of massively expanding remote work and the rise of the gig economy, maintaining security across the host of personal devices now logging into a company’s server has proven critical.
As cyberattacks increase, business appears to be lagging
One alarming fact gleaned from the Hiscox report is that while “expert status” enterprise readiness was never high at 11 percent, it dipped in the latest report to 10 percent. This shows that business has allowed a little complacency to sink in, precisely at the time when cybercriminality is in a growth phase. This is a statistic that bodes ill for future data and financial management.
It’s always easy to dismiss risks and threats until they manifest. The IT support community still encounters many companies that have never suffered compromise online, and that thus feel content with dated or lax security in place. Those will be the open doors through which crooks walk right in during 2020. It’s only a matter of time before such complacency is rewarded with shock and loss.
Losses for smaller companies averaged $9,000, an increase of 200 percent from earlier figures of around $3,000. Alarmingly, 65 percent of all firms have had cybersecurity issues in their own or their supply chain operations - a huge and unwelcome jump in the stats.
Cybersecurity budgeting and implementation
Across the board, the average spend on cybersecurity is a whopping $1.45 million, and the sampled companies in the Hiscox report had increased their pace of security spending, too. However, staying secure online doesn’t have to bankrupt smaller businesses, and cybersecurity is more a matter of good planning and committed monitoring than heavy spending.
That said, cybersecurity does begin with a budget. Gone are the boardroom meetings of yore, where the very necessity of a security budget was still debated. Today, enterprise needs a sufficiently funded and mapped security system to safeguard its assets. As long as a budget covers all gateways (principal servers, other storage and endpoints) and is able to enact 24/7 monitoring - in other words, there are no tech or time gaps in the firewall - companies can feel sure that they’re staying ahead of crooks.
Implementing online security results in a mostly automated and unseen process, yet that auto function does need constant monitoring and other maintenance that serves as a second tier of security. A well-planned cybersecurity approach will inhibit any spurious attempts online, but also reveal possible weaknesses, attempted hacks and areas for future concern. As new approaches or malware emanate from the dark community, patching and other tweaking keeps the system current.
This human monitoring and maintenance of cybersecurity becomes a security practice in itself, and grants business the ability both to feel secure and to know that their security is active from day to day. It’s been checked, is being checked, and remains current. There’s a technical, critical eye looking at everything, with the full understanding of just what the criminal fraternity is capable of.
In an era where the diversity of businesses targeted and the frequency and sophistication of attacks are all increasing, developers are also meeting enterprise in the marketplace. Comprehensive firewall packages dot the landscape and are well-priced, and the modern cybersecurity kit can also be endlessly personalised to individual companies’ needs. Staff training on the basics of online security, protocols to deal with fake or unsolicited mails and other incoming communication, as well as a comprehensive firewall, will safeguard business going into 2020. In the coming months, it’s going to be more necessary than ever before.