The pitfalls of cybersecurity are growing deeper
Authored by HDI Global
Cyber is transcending its IT roots to become a fundamental part of almost every organization. This makes cybercrime a more common and more serious problem. Our look at selected cybersecurity trends for 2023 and beyond.
Just how serious a problem is cybercrime?
This may seem an odd question. But the answer is likely, ‘More serious than you think’. According to the 2023 edition of the World Economic Forum’s Global Risks Report, cybercrime and cyber insecurity now ranks inside the world’s top ten short- and long-term risks. For businesses, it’s top five. That’s alongside several environmental risks and ahead of major issues like debt crises and infectious disease outbreaks.
One thing’s for sure: more and more organisations are vulnerable. The rapid growth of digital technologies, data and evolving business needs are increasing exposure levels. One recent report noted a 38 percent increase in cyberattacks in 2022 compared to 2021.
And the consequences of these attacks are evolving. Deloitte says that while operational disruption remains the most serious, loss of revenue has leapt from ninth to second in its ranking over the last two years; a result of increased threat as well as organisations gaining a clearer picture of the financial impact of cyberattacks.
Geopolitical events also play a role. A new report by Google into the impact of Russia’s invasion of Ukraine says the war “will likely have long-term implications for both coordination between criminal groups and the scale of cybercrime worldwide”. In 2022, Russian government-backed cyber attackers increased their targeting of users in NATO countries by 300 percent, the report says.
It all adds up to cyber transcending its traditional IT roots and becoming a fundamental part of almost every organization. “Cyber is more than technology-focused,” says Deloitte. “It is foundational.”
Remote work increases cyber risks
One of the most important cyber trends facing many organisations is the rise of distributed workforces. Across industrial nations, around a quarter of all workers now work remotely at least three days a week.
Greater use of mobile devices, including private ones, not to mention public Wi-Fi networks, is making companies more vulnerable. In a 2022 survey by telecommunications giant Verizon, 79 per cent of organisations said remote working had adversely affected their cybersecurity. Nearly half of companies had recently experienced mobile-related compromise – almost twice as many as in Verizon’s 2021 survey.
There are several important solutions to this challenge, says Larissa Chiarella, Head of Cyber Risk Engineering Services at HDI Global SE. Multi-factor authentication (MFA) requires two or more verification factors to log in and can fend off the majority of automated brute force attacks. “This is particularly important for protecting administrative accounts,” Chiarella says.
The second defence mechanism is endpoint detection and response (EDR). “EDR provides an integrated solution, which monitors all desired devices and isolates them in case of anomalies,” explains Chiarella. “With machine learning techniques, advanced attacks can also be detected and responded to automatically,” she adds.
Trust no one?
This is just one of a growing number of tools to combat innovative cyber criminals. According to Gartner, global spending on cybersecurity is set to rise 11.3 per cent in 2023, reaching more than USD 188.3 billion.
A major driving factor is an increase in the use of cloud storage. Companies are storing more and more data in the cloud as well as granting access to a variety of users, including external suppliers. As a result, cloud security – including EDR – is set for the strongest growth within cybersecurity over the next two years, Gartner says.
Linked to this, and the rise of remote work, is a further cyber growth area in the near to medium term – ‘zero trust’ security. Traditionally, organisations have relied on perimeter security solutions to monitor what enters and exits a network. But as this becomes increasingly difficult, a ‘never trust, always verify’ approach assumes all users and systems, whether inside or outside an organisation’s network, are untrusted. To access data and applications, they must be authenticated, authorized and continuously validated, shifting the focus away from static perimeters around physical networks.
According to PWC’s 2023 Global Digital Trust Insights Report, more than a third of CISOs (36 percent) say they have now started to implement components of zero trust, while another 25 percent will start in the next two years.
Those who are not yet thinking about a zero-trust approach should at least have a multifactor solution in place.
“Based on loss experience, we know that hackers have often been able to successfully compromise systems or entire companies by obtaining user IDs and passwords. With additional factors, such as a fingerprint or a release on another device, the hackers often give up,” said Larissa Chiarella, Head of Cyber Risk Engineering Services, HDI Global SE.
More global rules needed
But should the onus lie so heavily on organisations to fight cybercrime alone? The World Economic Forum says problems are currently compounded by a lack of global agreements on how to regulate cyber threats.
Some progress is being made, it points out – a UN treaty on cybercrime is under development, for example – “but until global rules are strengthened and reporting of breaches is mandatory across most sectors, it will be impossible to understand the true magnitude of the challenge.”