5 ways companies can protect their data, time, money and infrastructure
Just as the U.S. Department of Homeland Security’s Cybersecurity and Infrastructure Agency issued a “SHIELDS UP” advisory to help protect critical portions of U.S. critical infrastructure from potential cyberattacks, the security industry billion-dollar cybercrime realigned its scope. With heavy law enforcement interference, a shift from critical infrastructure cyberattacks to businesses is expected.
The enterprise attack surface, which is the sum of all entry and exit points, is massive. The use of video and audio conferencing and other digital tools, such as IoT, open source code, cloud applications and social media, has increased tenfold during the COVID-19 pandemic. Companies have beefed up their technology infrastructure to cope with the ramp-up. The amount of data has increased along with interconnectivity. According to a 2021 World Bank report, in 2022, total annual Internet traffic will increase by 50% from 2020 levels, reaching 4.8 zettabytes. This digital ecosystem will make businesses vulnerable to cyber threats and attacks that will create a torrential ripple effect.
Identity and access management (IAM) infrastructure and credential misuse are also primary attack vectors. And zero-day exploits are fueled by the emergence of hacking as a service and new open-source tools that dramatically lower the barriers to creating new malware variants. This combination of malicious intent and ease of development has accelerated the scale of deployed malware, with more than 376,000 threats created per day. Most threats are now polymorphic (self-mutating) in nature, contributing to the rise of one-time, low-cost attacks that bypass signatures, file reputations, and rigid heuristics.
In response to the unprecedented increase in malicious cyber activity, the World Economic Forum’s Center for Cybersecurity has released the Global Cybersecurity Outlook 2022, which outlines the perceptions, concerns and forecasts of more than 120 renowned cyber leaders across the world. Unsurprisingly, the report states that ransomware attacks increased significantly in the first six months of 2021, with global attack volume increasing by 151%. The US Federal Bureau of Investigation (FBI) has warned that there are now 100 different strains of ransomware circulating around the world. An escalation in the number of cyber threats is expected in 2022, including distributed denial of service attacks, ransomware and phishing attacks.
The costs of cybercrime and protection against it are astronomical. Deloitte, the multinational professional services network, reports that 50% of all large companies, those with 10,000 or more employees, spend $1 million or more annually on cybersecurity. Cyber warrior General Keith B. Alexander (former commander of US Cyber Command and director of the National Security Agency/head of the Central Security Service) calls the loss of industrial information and intellectual property through cyber espionage “the greatest transfer of economic wealth from history”. », exceeding the damage caused by natural disasters in one year.
The only way for businesses to protect themselves, their data and their employees from the coming storm is to prioritize proactive responses to cyber risks. Specifically, there are five key tactics they can implement to counter cyberattacks:
- Make cyber resilience and protection a business priority. Cyber-resilient companies activate technologies that can detect and mitigate problems and maintain continuity in a reliable and trustworthy manner.
- Train and prepare all staff. Phishing, spear phishing and smishing attacks, which use emails and text messages, are the most common ways to hack into a company’s system. Untrained or unknowing employees are open invitations to attack.
- Consolidate your physical security infrastructure. Physical security and cybersecurity can be targeted and compromised separately or simultaneously to bring down a business, but they are often treated as separate divisions or entities.
- Conduct regular security audits. To mitigate internal biases, which can lead to shortcuts or overlooked issues, companies should work with third-party vendors for security audits. They provide insight into the performance of specific technologies and can identify security vulnerabilities.
- Adopt AI-powered cybersecurity solutions. Malicious actors, including hacktivist groups, lone wolf hackers, and state-sponsored cyberwarfare units, are becoming increasingly sophisticated in their efforts, continually devising new forms of cyberattacks like crypto-jacking, malware attacks on the Internet of Things or smartphones, and cross-site scripting. By leveraging machine learning (ML), businesses benefit from real-time monitoring and detection of security threats, which can prompt prompt action. Low-profile cognitive endpoint agents learn common device behavior patterns so they can be analyzed for anomalies without affecting user experiences. These artificial intelligence technologies prevent zero-day and polymorphic malware attacks, such as the malicious computer worm Stuxnet, the banking Trojan called Ursnif (also known as Gozi), the Windows worm virus Vobfus; and Bagle, an email worm; as well as advanced hiding techniques such as documents, scripts, macros and memory injection attacks.
As long as cybercrime remains profitable, it will continue. Today, extortionists, as well as those who engage in fake auctions, identity theft, and the sale of PII (personally identifiable information) such as credit card numbers, social security numbers and account passwords, bring in $1.5 billion a year. By remaining vigilant against it, companies will protect their data, time, money and infrastructure.