In a digitally connected, agile business environment, mitigating the risks associated with cybercrime is an evolving science. Protecting data and reducing the impact of cybercrime are among the biggest challenges your company will have to overcome going forward. Research shows that the global cost of cybercrime is approaching $600 billion every year.
From the start of 2020, the FBI noted a spike in cyber-incidents reported to the Internet Crime Complaint Center (IC3). Although the latest increase in cyberattacks is due to the global pandemic, cybercrime was already on the rise over previous years.
Establishing an effective data protection plan is critical to ensure that your information remains secure. In this blog, you’ll find out more about how cybercrime is impacting businesses, the latest tactics used by criminals, and recommendations for how to better protect your IT environment.
Understanding the Current Cybersecurity Landscape
Cyber threats continue to evolve, often at a faster pace than organizations can respond. Modern attack vectors use sophisticated exploits to penetrate networks, and in most cases, attempts are motivated by purely financial incentives. The drive for digital transformation also increases the complexity of the company’s threat perimeter.
Adoption of Infrastructure as a Service (IaaS), Platform as a Service (PaaS), and Software as a Service (SaaS) can help your organization scale operations and reduce resource costs. Still, a lack of expertise within security teams could create gaps in your perimeter. Even after the COVID-19 pandemic, the International Data Corporation (IDC) predicts that IT spending on digital transformation initiatives will grow by 10.4% in 2020 and reach $1.3 trillion. Mitigating the risks associated with deploying new and emerging technologies will require similar growth in IT security spending over the medium term.
Tracking Small & Medium Enterprise (SME) Trends in Data Protection and Cybersecurity
A survey of 400 companies with workforces ranging between 250 and more than 1000 employees had some interesting results. Some of the key findings were:
- Although 56% of respondents had suffered from a significant security incident (including cyberattacks and data breaches) over the last 12 months, 97% believed that high-value information remained well-protected.
- A lack of detection capabilities, cloud security, and endpoint protection hampered the ability of 40% of respondents to minimize the risks associated with attacks.
- The vast majority (87%) are planning on increasing data, information, and network security spending in the next year (with an average increase of 22% reported).
- While only 13% of companies reported a lack of security resources in the organization, 78% of respondents cited a lack of expertise and skills as a concern.
From the above, you can see that an evolving threat landscape, the adoption of new technologies, and a lack of experience are what put most companies at risk. These challenges are by no means a contemporary problem, but the way organizations reacted and worked to improve their cyber response is yielding results.
Organizational Data Protection and Cyber Resilience Improvements
The latest data shows that the C-Suite is taking information and data security seriously at last. More companies are cognizant of the risks involved when opting to deploy new technologies or enabling agile workforces. Organizations moved quickly to shore up cyber defenses to limit damage to the brand, reputation, and business continuity.
Measuring Improvements in Organizational Cyber Resilience
Research from Accenture shows that leaders are aware of the risks from cybercrime and are working to improve data security in all organizations. Innovations in cybersecurity and increased spending on improving data protection can help your organization weather the risks posed by cybercrime.
From the latest Accenture State of Cyber Resilience report, you can see:
- Companies continue to increase spending in security innovation, with 10.9% of IT costs going to cybersecurity initiatives.
- A decrease in breaches of 27% shows that organizations are responding to direct threats effectively.
- The costs of preventing an attack are becoming unsustainable, according to 69% of organizations.
While more companies are working to shore up cybersecurity, attacks are still succeeding. This could be an indication that investment is failing, although the risk is clearly understood by decision-makers.
Knowing Your Enemy: Attack Types and Perpetrators
The tactics used in cyberattacks continue to grow in sophistication, but the bad actors may not be highly skilled individuals. Phishing kits and malware deployment tools are commonly available on the Dark Web. This availability enables criminals to start a career in cybercrime without spending years learning about the intricacies of network and IT security.
According to Verizon’s Data Breach Investigations Report (DBIR) for 2020:
- Hacking featured in only 45% of breaches.
- External actors perpetrated 70% of breaches while organized groups were responsible for 55%.
- While 30% of breaches originated from internal actors, only 1% involved multiple parties or partner actors.
The same report showed that 72% of attacks targeted businesses, and 58% suffered a breach that compromised personal data. The vast majority of cybercrime attacks (86%) were for financial gain, and 27% utilized ransomware.
Common Points of Failure and Data Protection Recommendations
Rising sophistication in the IT landscape and the complexity of threat detection algorithms can seem like an impossible challenge. The truth is that most breaches occur due to your organization failing at the fundamentals of cybersecurity. Threat response overload is putting your business at risk, but reducing attack paths remains vital to ensuring your data is adequately protected.
Hardening IT and network security requires the following fundamentals:
- Identify the information that hackers and criminals will value the most and increase data protection around these applications and systems.
- Deploy security systems that use the latest available techniques, including encryption, network segmentation, tokenization, rights audits, and remote wiping technologies.
- Stage the modernization and transformation programs of legacy technologies to avoid overwhelming your security resources.
- Update and patch all business systems regularly and deploy endpoint security on all devices connecting to your networks.
Mitigating the Risks of Cybercrime and Improving Data Protection with Endpoint Security
Your organization will have to remain vigilant to protect your company’s valuable information. By getting the fundamentals right and ensuring your employees comply with your data protection plan, you’ll be able to reduce your attack surface and decrease the gaps in your perimeter. Growing trends like Bring Your Own Device (BYOD), inadequate IoT security, and changing deployment methods for IT infrastructure present a significant risk to your organization.
Biometric-enabled 2-factor authentication using Fast Identity Online (FIDO) compliant fingerprint scanners can secure endpoint devices. Synaptic biometric identification and authentication devices can help protect endpoint devices. Choosing the right solution for your workforce requires additional considerations such as encryption, ease of use, and integration with your technology stack.
Kensington remains committed to helping organizations protect information and empower workforces with solutions that promote security, keep staff healthy, and enable efficient operations. With the right set of solutions, you can reduce your attack perimeter and protect critical business systems whether your staff is working in the office, from home, or while traveling.
You can find a complete list of Kensington’s hardware security solutions that help you protect your data in our solutions catalog.