Last year, the shipping giant Maersk reported that it has been hit by a ransomware attack from NotPetya, which prevented its people from accessing their data unless they paid a certain amount via Bitcoin. Estimated losses to the company amounted to about $300 million. Then there was the infamous WannaCry cyberattack on UK’s National Health Service (NHS) that affected dozens of hospitals and led to a loss of £92 million.
Today, 68 percent of business leaders feel that their cybersecurity risks are increasing, as per an Accenture report. Their fears are not unfounded. In the last decade, we’ve witnessed the emergence of cybersecurity as one of the top concerns for organizations of all sizes. A University of Maryland study found that computers were attacked every 39 seconds on average, or about 2,244 times a day.
IDC’s Worldwide Semiannual Security Spending Guide predicts that the global spending on security-related hardware, software and services will reach $133.8 billion in 2022. That amounts to a compound annual growth rate (CAGR) of 9.2% between 2018 and 2022.
Being hit by a data breach can prove to be a pricey affair for companies. As per the Poneman Institute’s annual Cost of a Data Breach Report, a data breach costs a whopping $3.92 million on average in 2019. This figure represents a 12 percent jump between 2014 and 2019.
Challenges
While businesses today do understand the threat that they are facing, finding a solution to ensure complete security for your business isn’t always easy. There are several challenges that organizations encounter:
• Evolving Threat Landscape
Unfortunately, cybercriminals are getting more innovative every day, finding new ways to steal data (and money). As a result, we see new types of threats emerging every day from new kinds of malware to phishing attempts to crypto mining. As a result, businesses are exposed to new vulnerabilities every day.
• Delays in Discovering Breaches
Unfortunately, discovering that your organisation’s data has been breached isn’t always easy. Since most attackers enter an organisation’s network through its weakest link and then move laterally through the organisation’s infrastructure, the time lapse between the initial breach and the discovery is important. As per Verizon’s 2019 Data Breach Investigations Report (DBIR), however, 56 percent of breaches in 2018 “took months or longer” to be discovered.
• New Technologies = New Threats
As organisations adopt more digital technologies and connected devices, the number of security challenges and vulnerabilities goes up. Also, the transition from on-premise to cloud models throws up its own set of challenges. The World Economic Forum (WEF) ranked cybersecurity as one of the top risks that worry global executives in 2019. The primary reason that it cited was that the physical convergence of IoT, offensive AI, cloud computing, data security, and online channel threats is likely to emerge as a “growth” area for cybercrime.
• Balance between Security and Privacy
With the emergence of new privacy regulations, maintaining the fine balance between security and privacy can be a huge challenge for organizations.
• Lack of Skilled Professionals
As the cybersecurity landscape becomes more complex than ever, tracking it requires certain specialized skills and domain expertise. However, there is a huge skills gap in the industry when it comes to the availability of trained security personnel.
Preparing for 2020
When it comes to addressing the looming cybersecurity threat in 2020, there are a few steps that companies can take.
New Technologies (Artificial Intelligence/Machine Learning): Countering the new threats requires companies to embrace technologies such as AI/ML to detect new threats as well as ward off attacks. AI/ML can also prove to be extremely valuable in detecting patterns and identify zero-day attacks.
Awareness and training too play a key role, especially given the dearth of trained cybersecurity professionals. Therefore, organisations can benefit from investing in training a pool of cybersecurity experts from within their organisation.
As the world becomes more digital than ever, cybersecurity is set to become even more important for organisations. Being prepared is critical!
Krishna Kumar, Founder & CEO, Simplilearn