Are Criminals Winning the Cybersecurity War?

All enterprises should be equipped with the tools and know-how to combat modern cybercrime. With new hacks and malicious attacks perpetrated against major companies making headlines every day, it’s increasingly clear that many enterprises simply aren’t prepared.

With roots that extend as far as mid-20th century military codebreaking, cybercrime has evolved in lockstep with every other aspect of technological innovation. But it’s truly advanced in scale with the advent of the dark web, which offers users anonymity and goes unseen by the vast majority of internet users. It’s this rapid growth that’s prompted some experts to estimate that cybercrime is a $455 billion a year business.

The implications of this growth are far from rosy for practically every other industry — it’s estimated that cybercrime will cost global markets a staggering $6 trillion annually by the year 2021.

It’s not just large enterprises that are affected. In fact, most cyberattacks are minor e-crimes targeting smaller companies, with the perpetrators usually looking for information they can leverage in larger attacks. But regardless of their size, what’s clear is that a significant portion of U.S. businesses are at risk because they aren’t doing enough to protect their digital assets.

Identifying the Roadblocks

Modern cybersecurity measures are sluggish and incomprehensive, due in large part to three major issues: false confidence, a lack of thorough technological knowledge, and inadequate governmental regulations and policy.

First, common misconceptions about effective cybersecurity that continue to pervade the business world. Many enterprises mistakenly believe that their networks are relatively safe from penetration by outside sources, but in fact have weak or no backup security software in place.

To make matters worse, the digital revolution continues to give way to new hacking strategies, from spear phishing to social media hacks to sophisticated corporate security breaches. Each new approach creates another hurdle for corporate IT teams to clear, and without the technical resources to protect against these approaches, they’re left with gaping loopholes in their security infrastructures. Emerging technologies like artificial intelligence (AI) and the Internet of Things (IoT) only offer cybercriminals new and untested avenues of attack.

Another major hindrance to strong cybersecurity is a lack of proper regulation. Cybercriminals often run free on the web, perpetrating attacks that result in the theft or successful ransom of large sums of money. And yet, they are very rarely caught and prosecuted for their crimes. Enterprises and government agencies alike typically lack the resources and strategies to stop attacks, let alone catch the criminals masterminding them.

Closing the Gap

The first cybersecurity task that companies should tackle is to change their mindset when it comes to stopping hackers, as they need to acknowledge them as a real and imminent threat to their safety and success. Beyond beefing up their security infrastructure, that also means training employees on how to identify and respond to threats like phishing emails and DoS attacks.

To close the technological gap between their own security and the criminals attacking it, companies first need to hire talented security professionals either in-house or in the form of managed IT services.

Their next priority should be precise access logging — recording anomalies in the system so that security teams have more time to focus on strengthening industrial control systems (ICS). Finally, implementing extra precautions will bolster the entire infrastructure. Application whitelisting, network segmentation, configuration management, and patch management controls represent a few options for reducing risk and ensuring all information is protected.

By Chris Voll

03.29.2018

Sign up for the TTI Newsletter