By the Numbers: Parsing the Cybersecurity Challenge Why your CEO should rethink company security priorities in the drive for digital business growth.
Digitization is progressing rapidly. From 2013 to 2020, EMC expects the digital universe to grow tenfold — from 4.4 trillion to 44 trillion gigabytes. In fact, the universe more than doubles in size every two years. However, along with that growth, the world becomes exposed to cyber attacks in an order of magnitude that is unprecedented. The tumult around the 2016 US election is just the tip of the iceberg - with a far bigger and growing issue beneath the surface.
Everyone is a potential target
Few are aware that literally every company and individual is a potential target. One in 10 people is now a victim of fraud or online offenses, a study in the UK concluded, as highlighted in The Telegraph. While these numbers appear shockingly high, it’s important to keep in mind that the overwhelming majority of these crimes are believed to remain unreported by the victims for a number of reasons, such as fear, a lack of awareness, or embarrassment.
According to Radware’s 2016-17 Global Application & Network Security report, 98% of organizations experienced cyber attacks in 2016. The perception that criminals only go after large enterprises and the public sector is completely wrong. As much as 31% of these attacks are directed at small and mid-sized companies with fewer than 250 employees. This trend is going to continue in 2017.
Cybercrime is an industry that is evolving exponentially
As reported on Bloomberg, cyber insurance premiums to protect against financial damages resulting from hacking could become a blockbuster product and rise to between $8.5 billion and $10 billion by 2020 from about $3.4 billion currently.
Cisco expects that cybercrime damages could cost up to $6 trillion annually by 2021, up from $3 trillion in 2015. However, these costs are sometimes hard to quantify and vary widely, depending on a number of factors, such as size of the organization, type and extent of the attack, publicity, industry, geography and so on. Most security experts (54%) estimate the impact of each attack at less than $100,000, but as much as 12% estimate the cost of an attack to be $1 million or above, according to Radware’s research.
Black Hat USA returns to the fabulous Mandalay Bay in Las Vegas, Nevada, July 22-27, 2017. Click for information on the conference schedule and to register.
Shortage of talent, missing attention in the boardroom
When asked about their primary obstacle to counter cyber attacks, more than one-quarter (27%) cited missing manpower, as the Radware report concludes. With 1 million vacancies in 2016, there is a severe workforce gap in cybersecurity, which is getting worse as the digital universe expands. Cybersecurity Ventures estimates the talent shortage will reach 1.5 million vacancies by 2019, which makes the skills rare and drives up wages.
In a 2015 study by PWC, 21% of CEOs asked globally were "extremely concerned" about cyber threats, and nearly 42% were "somewhat concerned." Frankly, these numbers appear surprisingly low, compared to the potential damages and given the workforce gap enterprises have to cope with.
So what's ahead?
Overall, the cybersecurity community seems more pessimistic about what to expect throughout 2017. Cyber attacks will become more sophisticated and catch many by surprise. According to the Radware report, the range is likely to include: Rise of Telephony Denial of Service (TDoS) and Permanent Denial of Service (PDoS) for datacenter and IoT operations; compromised surveillance systems available for rent, enabling intruders to watch through third-party cameras; more targeted and segmented ransom attacks; hijacked personal avatars and personal information for sale, or being auctioned (including medical or criminal records, lawsuit information etc.) as the Darknet goes mainstream.
CEOs should critically review their corporate priorities as the threat of cybercrime seems to be widely underestimated. To prepare their organizations for the future, gearing up and concrete actions are required. This includes technology investments (solid threat prevention and detection capabilities, robust incident response plans etc.) and, more importantly, adequate resources. Since security experts are scarce, requalification programs and formal training of the existing IT workforce plays a critical role in helping to close the gap.
While this might sound fairly intimidating, it would be negligent to trivialize the threat. With the expansion of the digital world, shiploads of data being processed, and the emergence of smart cities, societies will become increasingly dependent upon the availability and resilience of IT systems that affect our everyday lives. More than ever, it’s crucial to properly safeguard IT infrastructure as well as data whenever it's being transmitted (in motion), processed (in use), or stored (at rest).
Marc Wilczek is a columnist and recognized thought leader, geared toward helping organizations drive their digital agenda and achieve higher levels of innovation and productivity through technology. Over the past 20 years, he has held various senior leadership roles across ... View Full Bio