Published on June 12, 2018
For today’s businesses, data is as valuable as cash or physical inventory. This mentality has thrust information security safeguards into the spotlight as the world continues to grasp with the never-ending battle against cyberattacks. In fact, 67% of Chief Information Security Officers believe their companies will fall victim to an attack or breach this year.
Ransomware is the posterchild for information security gone wrong, and rightfully so; the global cost of ransomware will hit $11.5 billion per year by next year with a new ransomware attack hitting a business every 14 seconds. However, ransomware is only representative of a new era of increased and varying attacks requiring the attention and resources of every company.
Points of Access
Any breach or transfer of information means hackers had a way in and data had a way out. It’s common sense, but it’s surprising how few companies are able to locate the point of access during or after an attack. These can include IoT devices, employee cell phones, the network, emails, WiFi, the cloud, websites, employee portals, out of date programs, weak passwords, and much more. It requires dedicated talent to leave no stone unturned, and cybersecurity talent is arguably the hardest kind of technologist to find.
Even inside 96 government agencies that were surveyed, 71 were found to be relying on cybersecurity programs deemed “at risk or high risk.” Part of this is due to human error with rapidly evolving phishing attacks that don’t require the downloading of a file and are harder to spot as fraudulent. CISOs believe there is a 65% chance they will experience credential theft due to an employee falling for a phishing scam. With so many different points of access and given the fact that even government agencies cannot keep up, it’s clear any business faces a challenge safeguarding their information in 2018.
It’s More Than Ransomware
Ransomware is ripe for headlines because it sounds like a spy movie: data is taken hostage, a massive sum is requested, and vital information is at risk of being destroyed. Despite the billions lost to high-stakes ransomware attacks, the cost of cybercrime damage as a whole will hit six trillion dollars by 2021. That is the staggering bigger picture of what’s at stake.
Data doesn’t have to be held hostage for cybercriminals to profit from it. Look at the epidemic of synthetic identity theft and the massive Equifax breach of 2017. Other notable attacks include Meltdown, Spectre, Dyn DDoS, and countless others. Some of these attacks tricked security measures into working against themselves, others used vulnerabilities between applications and memory storage, and more capitalized on unpatched operating systems.
The frequency of these events is increasing so quickly that zero-day attacks, or cyberattacks exploiting an unresolved vulnerability, are expected to happen once per day by 2021. For hackers, the window of time from a vulnerability opening until the time it is caught and closed is what makes their attacks possible. Businesses are responsible for not just stopping those vulnerabilities from appearing in the first place, but for also detecting and closing them as quickly as possible. That can only be done with the right technologists in place.
Prevention Requires Talent
Information security measures, policies, and strategies are underdeveloped in many companies, and the reason is the lack of available cybersecurity talent. After all, plans for the most innovative safeguards can only become a reality with the right team to implement them. It’s estimated within four years there will be 265,000 more data security roles than qualified technologists, making it even harder to be proactive in preventing attacks.
Taking a deeper look at this drastic skills shortage, 70% of CISOs cite “incompetent in-house staff” as their number one concern and 65% say this is the top reason they are likely to encounter a data breach. In short, cybersecurity talent is a red-hot tech skill for the foreseeable future. That drastically affects salaries for high-profile roles such as Information Security Analyst which can further complicate the landscape of hiring in cybersecurity.
Evaluating Information Security Safeguards
Even the smallest data breach that is responded to promptly and appropriately can be a PR nightmare for any company. People are scrutinizing the trustworthiness of those they do business with more than ever and expect their information to be secured. It’s imperative for organizations to invest in the technologists who can successfully implement information security safeguards and prevent ransomware and all other forms of attack. 2018 has ushered in a new age; it’s time to prepare accordingly.