It was in 2018 that the cyber-crime industry became one that was worth $45 billion. This, according to the Internet Society Online Trust Alliance report, was accompanied by more than two million cybersecurity incidents, across the attack vectors of cryptojacking, ransomware, breaches, and business email compromise.
Wrapped within these attacks are trends that are dictating the focus, the extent of, and the intent behind the cyberthreat.
Cybercriminals are no longer hacking to take the data; they are changing it. They are no longer just abusing the poor education of employees to ransom off critical data, they are manipulating it.
The Cyber Security Hub released its survey in May 2019 with the goal of benchmarking where the industry stands today compared with 2018. The survey maps sentiment from executives, looking to what they feel will be the biggest threats and issues on the cybersecurity horizon.
For most, the cloud was considered the biggest threat to security with 85.51% of respondents highlighting it as their top concern for the coming year, closely followed by a resounding 70% concerned about the security talent crisis. There just aren’t enough skilled people to fill the spots opening up at security-conscious organisations.
Invest in your people
“The lack of skills is a challenge for all leadership across all areas of the business,” says Anton Herbst, Head of Strategy, Tarsus Technology Group.
“What’s needed is for the organisation to invest into its existing talent, providing them with training and opportunities to expand their skills so that they can become even more relevant.
“Simply paying more for talent or poaching someone else’s trained security specialist is short-sighted as the loyalty won’t be there. Companies need to invest into their people and create a culture of security awareness and growth. This will make a huge difference in long-term skills retention and security posture,” he says.
While moving away from the urgent need for skills development and back towards the cloud, security is facing some interesting challenges and hurdles over the next six months to a year.
IDC believes that 2019 will be the year that cloud goes mainstream, and that many companies will look to balance their cloud across on- and off-premise to create hybrid, multi-cloud strategies that dodge vendor lock-in and enhance innovation and agility.
Data-driven workloads will also influence companies’ security and cloud investment as the rise in data value is concurrent with the need for robust data security.
What does the research say?
According to IDC, data will continue to be primarily consumed on mobile devices through mobile applications with endpoint security. To that end, 27% of companies will increase their spend on endpoint security in 2019.
The research firm also emphasised the need to ensure that security remained a focus when planning budgets. This has become something of a mixed bag over the past six months as research by IDC and other firms has shown that organisations, in spite of being aware of the volatility of the cyber threat, are not as concerned with security investment as they were in the past.
This is a trend that has also been identified in the recent World Wide Worx “State of Enterprise Security in South Africa 2019” report. Respondents to the survey found that 35% of IT decision-makers were on high alert for a cyber attack and yet, 99% felt that they were confident about protecting the company.
Meanwhile, 45% felt that they didn’t have the skills to protect the company and 77% felt that outdated software was one of their biggest vulnerabilities.
There has to be a shift in conversation where the CIO, the executive and the IT department collaborate on a more cohesive and realistic security posture. The hard truth is that cyberattacks can potentially leave a business out of action for nearly two months; for the smaller business, this can potentially leave a financial scar that’s hard to repair or recover from.
There has to be a deeper sense of responsibility embedded across all levels of the organisation so as to ensure that any breach is met with a unified and swift response.
The biggest threats of the past year
The biggest threats that have affected business over the past year – DDoS attacks, ransomware, and data breaches – have lessened in terms of frequency, but not necessarily in terms of financial damage, while email-based threats have risen by 200%.
This trend piggybacks on the “human error” vulnerability, abusing trust to gain access to business information and funds. There has also been an increase in attacks that manipulate and change data to cause problems or break down trust inside the organisation. This is a concern for any organisation, especially those dealing with sensitive information.
The need for robust security solutions that address the consistently-evolving landscape and that continuously push the employee education agenda has never been more relevant than it is today. Education is critical to minimise the trending costs of business email compromises, ransomware, crypto-jacking and DDoS attacks.
The Internet Society Online Trust Alliance report also revealed one very salient, and concerning, statistic: around 95% of all the reported attacks were preventable.
Do not neglect security
As the South African organisation turns towards increasingly sophisticated on- and off-premise solutions to drive agility, digitalisation and capability, it can’t neglect cybersecurity.
The costs, the potential fines from regulatory bodies, the reputational loss, and the impact on operational efficiency are, to put it mildly, simply not worth it.
Educate, update, evaluate, and start again. That way, your business won’t become another statistic.