Defense Mechanism
The numbers are staggering. According to Cybersecurity Ventures’ 2022 cybercrime report, the cost of cybercrime is predicted to hit $8 trillion in 2023 and will grow to $10.5 trillion by 2025.
The impacts on businesses are already well-established. According to security.org, one in every six businesses that fell victim to cyberattacks faces ransomware, and about half of them pay the ransom. And according to a report last year by Security Intelligence, the share of data breaches caused by ransomware grew 41% in the previous year and took 49 days longer than the average breach to identify and contain.
A study conducted last year by Positive Technologies among financial organizations, fuel and energy organizations, government bodies, industrial businesses, IT companies, and other sectors found that cybercriminals are able to penetrate 93% of company networks and gain access to local network resources.
Such breaches, obviously, affect personal data. In 2020 alone, data breaches exposed more than 37 billion personal records, 82% of which came from only five breaches, security.org notes. Data breaches affect not only companies and organizations, but also the people whose information is in the exposed records. And identity-fraud losses in 2020 cost its 49 million victims $56 billion in total, or roughly $1,100 per victim.
“Cyber insurance premiums are climbing, and it’s becoming increasingly difficult for companies to afford or obtain coverage.”
Clearly, the threat is real, and growing. Here are a few trends to consider when looking at the cybersecurity landscape, and what tech media and organizations are saying about them.
Rising Threats, Rising Liability
With the rise in cybercrime has come increased risk for businesses, and that means a much larger cybersecurity sector. According to security.org, the global cyber insurance market was worth $7.8 billion in 2020 and is likely to grow into a $20 billion industry by 2025. About 75% of all cyber insurance premiums are for businesses, and the rest for individuals. But that could be shifting as well.
So, too, is the responsibility companies bear for their own data security, Forbes projects. “Cyber insurance premiums are climbing, and it’s becoming increasingly difficult for companies to afford or obtain coverage,” the publication notes. “To negotiate insurance premiums and better risk coverage, businesses will be required to present evidence across a broad spectrum of security areas in order to prove compliance with leading cybersecurity standards and best practices.”
Organizations will begin to conduct enterprise risk assessments that highlight the maturity level of their cybersecurity program and proactively address any underwriting concerns, it continues, noting that risk assessments can help determine decisions around insurance gaps, limits, and coverage.
“With the distinct possibility of a global recession on the horizon, we expect to see ransomware attacks spike in 2023. However, larger organizations in regions heavily impacted during the ransomware boom are the most prepared for this wave after investing time and money in fighting back.”
As for those internal efforts, Forbes also notes that cybersecurity has become too complex for many organizations to manage on their own, and most companies don’t have the skills or resources to manage a full-fledged security operations center (SOC). For these reasons, many businesses will be forced to think creatively and could decide to outsource their day-to-day security operations.
Locally, one such SOC is being developed at Springfield Union Station, part of a state- and federally funded project announced in November to establish a Cybersecurity Center of Excellence at the site, which will also include a ‘cyber range’ for training.
Mary Kaselouskas, vice president and chief information officer at Springfield Technical Community College (STCC), which will manage the center, noted recently that “a lot of companies don’t have the resources for a fully operational SOC, or can even afford to have managed SOC operations,” so the need for a local SOC is clear.
Zero Trust on the Rise
One way businesses are increasingly curtailing cyber threats is through a concept called ‘zero trust.’
According to IBM, the idea, developed by John Kindervag in 2010 while a principal analyst at Forrester Research, is a broad framework that promises effective protection of an organization’s most valuable assets. It works by assuming every connection and endpoint is considered a threat.
Essentially, a zero-trust network logs and inspects all corporate network traffic, limits and controls access to the network, and verifies and secures network resources. A zero-trust security model ensures data and resources are inaccessible by default, and users can only access them on a limited basis under the right circumstances, known as least-privilege access. The strategy also authenticates and authorizes every device, network flow, and connection.
“As hybrid work became a way of life, more organizations have started adopting zero-trust frameworks, meaning all users, apps, and devices that request access are assumed to be unauthorized until proven otherwise,” Security Intelligence notes. “Organizations with a zero-trust approach deployed saved nearly $1 million in average breach costs compared to organizations without zero trust deployed.”
Connecting the Globe
Perhaps no cybersecurity trend has been bigger in the last several years than the scourge of attacks related to the supply chain. Analyst firm Gartner predicted that, by 2025, 45% of global organizations will be impacted in some way by a supply-chain attack.
“Cyber criminals look for organizations or industries teetering at the edge and then make their move to tip them over,” said Charles Henderson, an IBM global managing partner and head of IBM Security X-Force. “Last year, we saw that with manufacturing — a strained industry viewed as the backbone of supply chains. With the distinct possibility of a global recession on the horizon, we expect to see ransomware attacks spike in 2023. However, larger organizations in regions heavily impacted during the ransomware boom are the most prepared for this wave after investing time and money in fighting back.”
Global threats often require a global response, which is why, last year, the U.S. State Department announced the launch of the Global Emerging Leaders in International Cyberspace Security (GEL-ICS) Fellowship, in partnership with the Meridian International Center.
The fellowship will support the development of a diverse global network of future cyber policy leaders who share the U.S. and other partners’ vision for cyberspace, and is designed to equip emerging leaders from the governments of these foreign partners with the knowledge and global connections to be advocates of the framework of responsible state behavior in cyberspace, as affirmed by the United Nations General Assembly.
The first cohort of 20 to 25 government officials will engage in a year-long program on international cyberspace policy in 2023. Fellows will visit Washington, D.C., New York City, and San Francisco to engage with U.S. and international leaders from government, industry, and civil society. They will also participate in a series of thematic webinars to support continuing education and foster networking among the fellows and stakeholders.
Additionally, fellows will reconvene on the margins of the 2023 Internet Governance Forum hosted in Japan to mark the end of the program. With each year, fellowship alumni will form a growing, global network of proponents for a stable and secure cyberspace for future generations.
Good Time for a Job Search
If there’s a plus to the increasing cyber threat landscape, it’s an explosion in job opportunities. Even at a time when the IT industry is seeing massive layoffs, cybersecurity appears to be a safer harbor than other tech careers.
The global cybersecurity workforce grew to encompass 4.7 million people last year, reaching its highest-ever levels, according to a workforce study by ISC2. However, the same study found there is still a need for more than 3.4 million security professionals, an increase of more than 26% from 2021’s numbers.
The U.S. Bureau of Labor Statistics projects similarly robust need, estimating that the number of cybersecurity jobs will grow by 35% between 2021 and 2031. According to Cyberseek, of those 3.4 million professionals needed globally, about 770,000 opportunities are in the U.S. alone.
The recent spate of high-profile cyberattacks, many involving paid ransoms featuring six or seven zeroes, has brought an ongoing, and escalating, problem even more to the forefront. Businesses are being advised that the problem needs to be managed — before the worst happens. That means having a detailed plan involving many layers to keep things safe.
