Credit: ID 152789605 © Pravin Chakravarty | Dreamstime.com
Cybersecurity is a daily concern in our personal and professional lives. When you go online, whether it's to shop, connect with friends and colleagues, or access an account, you worry about who might be tracking you or breaking into your files.
But, cybercrime isn't just an individual concern, nor does it only affect first-world countries like Australia, Canada, and the US.
Recently, a major news organization announced that cybersecurity was the biggest threat to the world economy. Between record data breaches over the past few years and new, harder to detect viruses being created and unleashed every day, it's no wonder that the news media, government agencies, and cybersecurity professionals are sounding the alarm.
How big is the problem? Read on for some eye-opening statistics.
Global Cybersecurity Stats
So far, 2019 has brought us a bumper-crop of incidents and concerns, and things will only become worse as we move into 2020 and beyond. Although cybersecurity insurance spending is expected to increase to $14 billion in US dollars by 2022, 68 percent of business have no liability coverage at all. In fact, 80 percent of enterprises don't even have a comprehensive cybersecurity prevention and mitigation plan in place.
Another trending threat is the rise of bring your own device (BYOD). It's estimated that 59 percent of employers allow employees to conduct business on their personal smartphones, tablets, or laptops. Allowing staff to work from home or use their own devices is convenient and cost-effective for business owners, but it also leaves companies more vulnerable to social engineering exploits and ransomware attacks.
Globally, one of the most vulnerable sectors is healthcare, which suffered three out of the top seven most costly breaches in 2015. This is followed by manufacturing in second place, and the banking/finance industry to round-out the top three.
As far as attacks and exploits, those are becoming more sophisticated and harder to detect. There is a hacking attempt launched every 39 seconds, and more than half of those are aimed at small businesses. Last year alone, more than half a billion personal records were stolen by cybercriminals. By next year, the average cost of a data breach will reach an estimated $150 million.
What are the biggest threats to our digital security? Here are the top 10.
1. Financial Crimes
Although many crimes have a financial motive, there are specific - and disastrous - computer-based crimes that are increasing in frequency and severity. Ransomware took its share of the limelight over the past few years, but crimes like cryptojacking are becoming an even bigger issue.
Cryptomining software runs virtually undetected in the background while users browse the internet, filling up the coffers of their creators by increments over time. The code is introduced via email attachments, much like traditional viruses and ransomware. However, it isn't your money they're after; it's your processing power and other resources that are hijacked.
Ransomware has become a plague that has no warning until you're locked out of your network or admin panel. The only choices are to restore your system from a backup or pay up. However, the rate of businesses and governments that are able to successfully re-access their networks after paying the attacker is so low, the FBI is advising victims not to pay.
2.The Rise of Multi-Cloud Computing
With more platforms and services residing in the virtual world, multi-cloud and remote computing are the office space of the future. However, having a borderless global society and more cloud-based solutions also means a broader attack surface, with more access and endpoints to protect, and even greater chances of overlooking an exploitable vulnerability.
3. Third-Party and Supply Chain Attacks
The rise of cloud-computing also means an increased need to work with third-party vendors for software and services. This leads to an increase in supply-chain attacks that can cross international borders. Since global commerce will only increase, solutions involve keeping software and security patches updated, using a VPN service, and avoiding generic apps from external libraries.
Though VPNs are sometimes poorly understood, they should be a baseline security strategy for individuals and businesses alike. Compare the top choices to find one with the features you need. One of the most popular services by market share, NordVPN, has more than five thousand servers spread according to a recent test of Nord’s connection speed. Others may offer more on one and less of the other. You’ll just have to do your research.
4. Shortage of Cybersecurity Professionals
Cybersecurity spending is estimated to reach $133.8 billion within the next two years. However, there is a global shortage of 2,930,000 cybersecurity-related positions that are unfilled.[1] Much like the rise in real-world crime leads to unsafe streets, lack of personnel to combat cybercrime will lead to greater losses in money, reputations, and trust.
One solution is to encourage students to look into cybersecurity careers as opposed to just steering them toward general STEM degrees.
5. More Sophisticated Phishing Exploits
Phishing and other social engineering exploits are nothing new. They will continue to be with us for as long as we depend on email and messaging platforms to conduct our personal and business correspondence and outreach.
However, these crimes are becoming much more sophisticated than Nigerian Royalty scams and garden-variety spam. Most people are aware of the dangers of suspicious messages and links. so hackers are turning to Ai and machine-learning to craft highly targeted, more personalized emails that are harder to detect from the fakes.
Since one-third of all data leaks are due to carelessness, it is hoped that better employee training will alleviate some of the preventable security issues that are all too common at workplaces around the world.
6. Cyber Attacks on the Grid
As more of the systems that power our lives become interconnected or powered by cloud platforms, we face grave danger of system-wide attacks on electrical grids, transportation systems, and even our military facilities. Criminals don't even have to hit us online. One electromagnetic pulse (EMP) attack could conceivably knock out an entire country's electrical capabilities, and everything dependent upon them, for 18 months or more.
This is a problem that needs to be corrected at a government level, as the grids and other infrastructure around the world, including global superpowers, aren't sufficiently hardened against such widespread attacks.
7. Personal Attacks
Cyber bullying and stalking are on the rise, often with deadly consequences. Many of these crimes may begin online, but they have a high potential to bleed into the real world, ending in violence. User education will help balance some of the risks of cyberstalking at college or on the job, but fewer than 20 percent of cybercrimes are ever reported to law enforcement. This emboldens criminals and diminishes trust that our institutions are able to look out for our safety and best interests.
8. State-Sponsored Attacks
Hacking is no longer just the domain of shadowy individuals or collectives acting from afar. The new criminal enterprises are state-sponsored agents who are using technology to cripple adversaries through widespread attacks on critical systems. There is a threat of escalation not seen since the nuclear arms race of the 50s. With such capabilities, the playing field is levelled for smaller, more dangerous countries to wage large-scale attacks on bigger, better-equipped countries, who will be unable to respond.
9. IoT and Autonomous Systems
Interconnectivity is one of the biggest technological advances when it comes to convenience and improving the way we live and work. However, networked devices that connect our phones, security systems, appliances, and cars also increase the risk to our security and data integrity.
While most people know to use secure internet connections on the phones and personal devices, how many consider the security of washing machines, home theater systems, or cars? While accessing these won't necessarily lead to identity theft or an empty bank account, they are often connected to networks where more sensitive information is located.
Businesses, government agencies, and individuals should segment any networks to separate benign and high-risk devices, use secure rather than default passwords, and protect end-points on all connections.
10. Smart Health Devices and EMR
As we mentioned before, the healthcare industry is the biggest target for data thieves and other cybercriminals. The development of smart technology to monitor vital signs and medical conditions has led to more comprehensive treatments, but it can also put us at greater risk for hacking. Imagine an unscrupulous person hacking into a database or medical management network and stealing insurance information, revealing sensitive medical information, or even messing with dosages or stopping a pacemaker.
Final Thoughts
Cyber crime is big business, with the most elite hackers earning a cool half a million dollars a year just to test system security; the bad guys are raking in billions.
Cybersecurity is no longer just an in-house or IT concern. With more business being conducted in virtual environments and services becoming borderless, exploits have the potential to affect entire regions of the world. Business and government leaders at all levels should take security into consideration in all of their organizational planning, network setup, and software design.
[1] Source: 2018 (ICS)2 Cybersecurity Workforce Study.