According to a 2020 study carried out by McAfee and the CSIS (Centre for Strategic and International Studies), the cost of cybercrime has reached over $1 trillion since 2018. This roughly translates into $945 billion monetary loss from cyber crime and a $145 billion global spending on cybersecurity.
The cybersecurity firm Check Point shows in a research that in 2021 there was a 50% increase in overall attacks per week on corporate networks compared to 2020, education and research sectors being the most attacked ones. Looking even further, Cybersecurity Ventures expects global cybercrime costs to grow by 15 percent per year, reaching $10.5 trillion USD annually by 2025.
With all these numbers in mind, regularly reviewing the possible risks and whether your company’s current measures are appropriate in the given context, represents the foundation on which it’s mandatory to build, step-by-step, a coherent cybersecurity strategy.
As cyber attacks get more and more elaborated, the already complex cybersecurity landscape is constantly changing. Cybercrime has many hidden costs from opportunity costs, time and money spent on cybersecurity decision-making, the effect of downtime, loss of productivity, and damage to brand and image. Most of these costs do not have an easily assigned dollar value, but we must consider them in assessing the effect of cybercrime.
Starting with the key-essentials, like social engineering penetration tests, malware and ransomware protection, each company should invest not just into adopting a healthy and relevant cybersecurity strategy, but also into keeping it updated and accurate.
We’ve gathered 4 cybersecurity trends that are gaining ground and are most likely to help you set the baseline for a pertinent strategy against cyber-attacks.
1. The Zero-Trust Architecture (ZTA) or the “never trust, always verify” principle
The Zero-Trust framework is based on assuming there is no implicit trust granted to assets (enterprise or personally owned) or users from inside or outside the organization’s network. That’s why it requires all users and assets to be authenticated, authorized, and continuously validated for security configuration and posture before being granted or keeping access to applications and/or data. Taking into consideration the new way of working, this framework’s importance is undeniable.
According to a global survey conducted by McKinsey “[..] approximately 25% of all workers now work remotely three to five days a week. Hybrid and remote work, increased cloud access, and Internet of Things (IoT) integration create potential vulnerabilities.”
Organizations should tailor the adoption of zero-trust capabilities to the threat and risk landscape they face and to their business objectives. They should also consider standing up red-team testing to validate the effectiveness and coverage of their zero-trust capabilities.
2. Cybersecurity mesh integration
Part of the whole Zero-Trust philosophy, the cybersecurity mesh provides a composable approach to security based on identity to create a scalable and interoperable service; it’s a flexible, composable architecture that secures all assets, regardless of location, to enable a security approach that extends across the foundation of IT services.
Example: An organization in the technology space was struggling to create value from its threat intelligence program. Using a cybersecurity mesh approach, they integrated multiple data feeds from distinct security products to better identify and respond more quickly to incidents. (Gartner)
According to Gartner, by 2024 organizations adopting a cybersecurity mesh architecture to integrate security tools to work as a cooperative ecosystem, will reduce the financial impact of individual security incidents by an average of 90%.
3. Privacy Enhancing Computation (PEC)
Privacy-enhancing computation allows data to be shared across ecosystems, creating value while preserving privacy. Approaches vary and include encrypting, splitting, or preprocessing sensitive data, to allow it to be handled without compromising confidentiality. (Gartner)
Example: DeliverFund is a U.S.- based nonprofit with a mission to tackle human trafficking. Its platforms use homomorphic encryption so partners can conduct data searches against its extremely sensitive data, with both the search and the results being encrypted. This way partners can submit sensitive queries without having to expose personal or regulated data at any point.
Gartner highlights that by 2025, 60% of large organizations will use one or more privacy enhancing computation techniques in analytics, business intelligence or cloud computing.
4. Blockchain technology
According to Forbes, the widespread use of the blockchain technology in businesses and in consumer applications will positively affect the world. This will include new utilities ranging from smart contracts that allow for supply chains to be optimized to being able to eliminate ad fraud. Blockchain will usher in an era of true transparency in business transactions.
The ledger technology has virtually endless uses in everything from medical and financial data sharing to anti-money laundering monitoring and encrypted messaging platforms.
Blockchain offers decentralization, transparency, immutability, security, and efficiency. It ensures network security and cybersecurity in a multitude of cases by:
a) Making the IoT networks more secure
The IoT networks have been often associated with cyberattacks due to their connected devices vulnerability. But here blockchain enters the stage, thanks to containing strong protections against data tampering, locking access to Internet of Things devices, and allowing compromised devices in an IoT network to be shut down.
As part of the Trusted IoT Alliance, networking giant Cisco belongs to a group that is considering scaling technologies to enhance the security of IoT products. The company embraced blockchain because the ledger technology eliminates single points of failure and secures data through encryption.
b) Checking the Integrity of Software downloads
It’s a common fact that hackers often tamper with software products (e.g. malware) which end up being downloaded on personally owned or enterprise’ computers. The blockchain technology uses the so-called “integrity hash” to avoid getting the software compromised. Vendors can store the “integrity hash” on blockchains so that the users can see it and compare the one from their downloaded file against it. A match means that the software product is safe to use.
The Government of Malta welcomes international companies to test and operate the blockchain technology. While currently implementing blockchain cybersecurity measures in its finance sector, the government is looking into how the ledger technology could be useful in safeguarding government documents and sensitive citizen information.
c) Preventing the Distributed Denial of Service (DDOS)
DDOS attacks are becoming more and more frequent, as it’s one of the cheapest ways a hacker can harm a company and because they only need to attack a centrally administered website or network (which is ruled by a Single Point of Failure SPoF).
But blockchain works as a decentralized network which means it eliminates the SPoF making it harder and more expensive for hackers to attack it.
Philips Healthcare, part of the Philips Research firm, is pairing blockchain with AI to create a new healthcare ecosystem.
In partnership with hospitals all over the world, the company uses AI to discover and analyze all aspects of the healthcare system, including operational, administrative and medical data. It then implements blockchain to secure the massive amounts of data collected.
McKinsey raises the point that “companies are using all kinds of sophisticated technologies and techniques to protect critical business assets, and the most important factor in any cybersecurity program is trust.”
Trust lies on a foundation of transparency and inside a company the board must trust that its C-Suite can handle security breaches without affecting the company’s value. The same study points out that “The C-suite and the cybersecurity function can no longer talk past one another; security must be a shared responsibility across the business units.”
“The companies that take steps now to build greater trust between the business and the IT organization will find it easier to foster a resilient environment and withstand cyberthreats over the long term.”