The Cybersecurity Apocalypse: How to Protect Your Business from Cyber Attacks
ESI ThoughtLab and WSJ Pro Cybersecurity recently teamed up with a group of other thought leaders to bring us The Cybersecurity Imperative, a rigorously researched reportthat continues to raise the alarm that cybersecurity is the most important security priority we face today and heading into the next few years.
U.S. Homeland Security Secretary Kirstjen Nielsen, reiterates this: “We are facing an urgent crisis in cyberspace. The CAT 5 hurricane has been forecast, and we must prepare.” According to the report, cybercrime will be a $6 trillion annual expense worldwide by 2021, exceeding the GDPs of both the UK and France.
One overarching security challenge is the dearth of shared best practices and benchmarking among governments and corporations on how to prevent and how to survive a cyber attack. This interactive report seeks to remedy that, and this post distills the most important and actionable information for your use:
1. Beware of Digital Backlash: Companies adding new technology, using open platforms or connecting with partners and suppliers open up new channels for hackers to disrupt faster than they can be secured. Firms are already battling malware (81% reported this), phishing (64%), ransomware (63%), viruses (62%) and app attacks (62%). In the next two years, new issues will arise through customers, vendors and partners’ channels (+247% from them and +284% to them); supply chains (+146%); denial of service (+144%); apps (+85%) and embedded systems (84%).
With the digital backlash coming from technology growing faster than our ability to secure it, the chances of a major cyberattack, which racks up over $1 million in losses, are much greater. Enterprises with stronger cybersecurity measures in place can expect to weather a 17 percent chance of such an attack; whereas less sophisticated systems face a 27 percent chance.
“A new piece of malware is released every day within 4.2 seconds. One of the problems that CISOs face is how to combat the sheer volume of malware bombarding us.” Vali Ali,VP, Fellow, and Chief Technologist –Security and Privacy for Personal Systems, HP
2. Watch the Insiders: It’s the internal threats that are most insidious. External issues like unsophisticated hackers, cyber criminals and social engineers do pose problems for firms. However, 90 percent of firms believe that untrained general (meaning non-IT) staff are their biggest liabilities. More than 50 percent think that partner and vendor data sharing will be their biggest vulnerability. Onboarding of new technology and shadow IT projects are also attractive hacker entry points and ripe for insider mistakes. Meanwhile, lack of training is rampant. Less than 20 percent of global companies have adequately prepared their staff and partners for these inevitabilities.
3. Consider Boosting Your Cybersecurity Budgets: Fortunately, many firms are anticipating these risks and planning accordingly. The largest increase is by platform companies (58% greater than last year), followed by energy/utility companies (20% greater), technology (15% greater) and consumer markets (14% greater). Across industries,cybersecurity budgets grew 7 percent over the past year and are on track to increase by 13 percent next year.
4. Compare Budgets by Location and Size: Companies in China, Singapore, Argentina, the US and Canada are planning to exceed the average rate of a 13 percent increase. Companies under $5 billion in revenue will increase cybersecurity spending at almost triple the average. Companies with less than $1 billion in revenue plan to bump budgets by 33 percent and those with $1-5 billion by 30 percent.
5. Prepare to Fund More Cybersecurity Strategies: In the next two years, firms will depend more on behavioral analytics (18x more), smart grid technologies (9x more), deception technology (7x more) and hardware security and resilience (more than 2x more). Currently, 90 percent of global firms use multi-factor authentication, 68 percent employ block chain, 62 percent rely on the IoT and 44 percent deploy AI.
6. Shift Your Focus from Prevention to Resilience. The National Institute of Standards and Technology (NIST) provides an important guide to achieving cybersecurity through these five steps:
In this study, companies emphasized “protect” and “detect” at 27 percent and 24 percent respectively. Next year, these firms expect to move some of the budget from “protect” to “respond”and “recover.”
7. Evolve Your Security Roles: Enterprises entrust cybersecurity to those with higher leadership roles as the stakes get higher. Companies that are considered cybersecurity leaders are far more likely to have a CISO handle cybersecurity than companies considered cybersecurity beginners. For beginners and companies with under $1 billion in revenue, a Board tends to oversee cybersecurity initiatives.
Surviving a Cybersecurity Catastrophe
To address these pressing issues, there are several key actions you can take now. Most importantly, you can make cybersecurity a priority in your plans and budgets. It’s wise to integrate cybersecurity into every stage of your digital growth plan and continually track its ROI (both directly and indirectly) to address the effects of digital backlash. All teams that handle innovation should be included to avoid creating stale silos that don’t share important information. Make sure that you all stay on top of these trends as the year unfolds.
For more ideas on surviving the Apocalypse, see our recent blog post.
IST designs, implements and supports sound cybersecurity strategies at the top levels of government and for companies at every stage in their security development. You can trust us to help you stay ahead of the cybersecurity curve. Read more here.