In 2018 alone, cybercrime was a $45 billion industry. Yes, you read that right. And 2020 is already projected to be much, much more expensive for organizations.
The cybersecurity landscape evolves every year, which means you need increasingly updated defenses to protect against current and trending attacks. Phishing, social engineering, ransomware, and denial-of-service (DoS) attacks continue to plague the security and integrity of corporate systems, and the damage done from data loss costs U.S. organizations an average of $8.19 billion.
Most successful attacks are preventable
Numerous challenges add to the difficulty of architecting and deploying the right cyber-defenses. Skilled labor is expensive, tight budgets limit the amount of infrastructure used to defend organizations, and cybersecurity equipment requires constant maintenance, monitoring, and updates. A single break in the chain of defense can let attackers exfiltrate data from across the entire network.
Because of these challenges, organizations often make the critical misstep of being reactive when it comes to cybersecurity, rather than being proactive.
Phishing and ransomware attacks increased significantly from 2017 to 2018, and are expected to intensify in 2020. Ransomware’s monetary damage shot up from $5 billion in 2017 to $8 billion in 2018, making it one of the most dangerous malware attacks in the wild.
Many ransomware attacks start with phishing, so user training and better security controls are among the best lines of defense against these attacks. Email filters, disabling SMB, cloud backups, and better monitoring all help alleviate the effects of ransomware. That said, providing better user training can limit exposure at the heart of the issue: human error.
Financial motives drive attacker persistence
The latest Verizon Data Breach Investigations Report confirms that the main goal for attackers is financial benefit. In 2017, about 75% of attacks were for monetary gain, while an estimated 20% were corporate espionage. About 80% of threat actors were external, so organizations should focus on hardening cybersecurity at the perimeter, as well as instituting internal monitoring and logging suspicious events that occur on the network.
Organized crime and state-affiliated attacks constituted the majority of attacks. And while attackers tend to focus on big payouts, small businesses shouldn’t consider themselves safe just because they’re smaller. Hackers know that SMBs often don’t have the funds or resources to protect against advanced attacks, which makes them easier targets.
Financial and healthcare industries are among those with the highest risk
Another cybercrime trend is a change from random automated attacks to targeted data breaches. An estimated 5,000 websites per day were targets for attacks, mainly on shopping cart systems. However, attackers know that the financial and healthcare industries have the highest risk-versus-reward ratio.
For example, earlier this year state-sponsored attackers breached Bank of Chile’s ATM system and stole $10 million. Last year, North Korean attackers infiltrated Cosmos Bank in India for $13.5 million. These attacks aren’t limited to financial institutions: attackers can also exploit vulnerabilities in shopping cart systems implemented by major retailers. In 2018, a vulnerability in Magecart left 50 million Newegg customers open to credit card theft.
Cybersecurity is critical for business continuity
Being simply reactive to cyber-incidents could cost an organization billions in damages. Having the right infrastructure, user training, monitoring, and human resources will only increase in importance in 2020.
No cyber-defense is 100% effective, but the right defenses help mitigate damage, reduce the amount of time an attacker stays on the network, and limit the data that can be exfiltrated. Enacting the right defenses and being proactive about both your own education and your team’s training is one of the most important investments you can make in the long-term success of your organization.