Hackers have upped their game and breaches are at an all-time high. Fighting back is exhausting, but it can be done…
Across every vertical, organisations are embracing digital transformation. This is a good thing. For companies, switching away from ‘analogue’ drives costs down. For consumers, digital transformation creates services that are more convenient and accessible.
The downside, of course, is rising fraud and data theft.
Why? Because any migration to digital services widens the attack surface for cybercriminals. Unfortunately, hackers know this well.
Research by Check Point Software Technologies revealed there were 50 percent more cyberattacks per week on corporate networks in 2021 than in 2020. And these attacks affected the entire range of verticals.
| Sector | Annual rise in spend |
| --- | --- |
| Healthcare sector | 71 |
| Internet Service Provider | 67 |
Not surprisingly, the cost of defending against these attacks is mounting too. Gartner predicts spending by the information security and risk management market will hit $172.5 billion in 2022. It estimates spend will reach $267.3 billion in 2026. The rise is partly explained by the growing attack surface. As companies make their processes digital, there are so many more areas to defend.
Application Security 12.2
Cloud Security 41.2
Data Security 17.5
Identity Access Management 5.6
Infrastructure Protection 16.8
Integrated Risk Management 12.6
Network Security Equipment 8.9
Other Security Software 9.6
Security Services 9.6
Consumer Security Software 7.4
And so the attacks keep on coming, with all the consequential cost and reputational damage. In 2022 alone, victims ranged from The Red Cross to the Costa Rican government. In July, Twitter confirmed that a breach enabled the attacker to compile (and sell) a list of 5.4 million user account profiles.
Cybersecurity teams are under pressure
Needless to say, the relentless wave of hacks is ramping up the workload of cybersecurity teams. Understandably, employees are becoming overworked and overwhelmed.
According to a 2022 study of more than 500 IT decision makers by ThreatConnect, 50 percent of private sector US businesses say staff issues are creating shortfalls in IT security skills. The report also revealed:
• Senior decision-makers report an average security staff turnover rate of 20 percent
• 64 percent have seen a rise in turnover over the past year
• 43 percent say a lack of skills is the biggest barrier for recruitment
• One in five respondents are considering quitting their jobs in the next six months
• 57 percent of cybersecurity staff have experienced an increase in stress over the past six months
Is this work pressure prompting unhappy staff to attack companies from the inside? It’s hard to say for certain. But there’s no doubt that the number of insider incidents is rising.
On the more ‘innocent’ end, these breaches can come from social engineering (phishing scams), poor password hygiene or employees misusing privileges. Conversely, some employees might succumb to corruption or disgruntlement, and deliberately attack their own workplace systems.
According to the 2022 Ponemon Institute Cost of Insider Threats: Global Report, the total number of incidents has jumped by 44 percent in two years. It argues that negligence is a bigger issue than genuine insider criminality and concludes:
• 56 percent of incidents were the result of a careless employee or contractor (average cost $484,931 per incident).
• Malicious or criminal insiders were behind 26 percent of incidents (average cost $648,062).
• Stealing users' credentials and data represented 18 percent of incidents (average cost $804,997).
An optimistic view of the future
In 2022, with an unprecedented number of people working remotely, the risk of cyberattack has probably never been greater. For this reason, the pressure is on organisations to take care of their cyber professionals. Security teams should be well-resourced to give them time to monitor threats – and also to mitigate the risk of insider attacks. At the same time, businesses and governments must of course keep data secure.
Still, there is plenty of optimism around. In 2022, the World Economic Forum published its Global Cybersecurity Outlook. It stated its belief that the remote working habit is making enterprises much more aware of the threat – and consequently much more willing to spend on defence.
It said: “The accelerating pace of digitalization due to the COVID-19 pandemic and the shift of our working habits is pushing cyber resilience forward. As many as 87 percent of executives are planning to improve cyber resilience at their organization by strengthening resilience policies, processes and standards for how to engage and manage third parties.”