The Biggest Risk Potentials for Cyber Attacks
At least for Germany the following applies: despite the growing complexity of IT infrastructures, it is still staff who remain the weakest link with regards to cyber attacks: Not recognising phishing emails, negligent encryption or the use of insecure data and applications – all these provide the biggest risk potential for cyber attacks on companies, as IDC found out during their research for “IT Security in Germany 2018”.
The security risk of networked devices and applications was only in last place with 23%, but this risk potential will intensify in 2018 and beyond. According to a study by Varonis, the number of attacks in the IoT has increased by 600% since last year. In forthcoming years more than 50 billion devices will be connected with the internet. The Internet of Things will become a reality and companies want to take advantage of its benefits, while at the same time they are also sceptical regarding security: According to a study commissioned by Raytheon, 82% of those interviewees from the US expect that unprotected IoT devices will lead to data theft in their organisations.
The Evolution of Hacker Attacks
We know that the number of cyber attacks has multiplied. The extent and approach of the hacker attacks has also evolved. When you imagine that during the attack on credit agency Equifax the data of around 143 million people in the USA was stolen, you become aware of the scale of this threat. Attacks become more far reaching, more perfidious, more commercialised and harder to keep track of.
Nick Ismail of InformationAge points out that a group of hackers already operated its own call centre. Such criminal teams often set up their offices in countries with less stringent relevant laws, whereby they escape the sphere of their target countries. Another negative trend is the increasing agility of malicious code as often it is written and modified more quickly than opponents can discover and remedy it.
In the meantime, ransomware has gained a second foothold: Money is no longer exclusively demanded to recover the data of victims. In fact, certain ransomware turns the victim into the perpetrator. If the affected person forwards the malicious code to a certain number of recipients, who then install and pay for the data of the hackers, his or her own data is then released again by the attackers.
Expenditure for Cyber Security Reaches Record Levels
According to a study by Cybersecurity Ventures, it is therefore hardly surprising that expenditure for cyber security between 2017 and 2021 is to be around one billion dollars worldwide. With the growing complexity of local and global IT infrastructures, targets for data thieves also multiply. The resulting damages are immense. According to figures by Varonis, a malware attack costs a company in the US an average of around 2.4 million dollars.
Consultancy firm Gartner therefore advises to no longer try to prevent attacks, but instead invest in the detection and remedy of malicious code. “The truth is that you won’t be able to stop every threat and you need to get over it “, comments analyst Earl Perkins on the cyber security debate.
Offer Information Relating to Security Issues and Cloud Security
Often it is your own members of staff who open the doors to hackers. Therefore, a very good first step would be to raise their awareness of security issues. It can be helpful to assign an IT help desk or relevant contact to staff. They can then, in addition to administration, offer support regarding any queries or insecurities staff may have relating to cyber security.
Cloud security services are also gaining in popularity. According to the IDC study, in comparison to the previous year 20% more companies use such services. The most common were firewalls, IDS and IPS (66%), followed by email protection (60%), web filtering (58%), client administration (55%), as well as data back-up and disaster recovery services (53%). One of the advantages of cloud services, such as the oneclick™ platform for the provision as well as distribution of software applications and data, is their simple set-up, maintenance and absolute scalability. Depending on company requirements, services can be flexibly customised and invoiced. There is also a minimum of maintenance and set-up costs for the service recipient. Effective security systems can be set up quickly and easily with no need for specialist knowledge.
- Image 1: unsplash.com