Opinions expressed by Entrepreneur contributors are their own.
The Global Cybersecurity Outlook 2022 highlights that the Covid-19 pandemic has increased digitization and cybercrimes. With more and more people forced to work from home, technology has become increasingly vital in professional and personal lives. However, many organizations fail to create a ‘”cyber-safe” remote-working environment despite enhanced technology.
Research has found that people who work from home have higher chances of being victims of cybercrimes, with 47% falling victim to scams. Thus, due to the increased vulnerability to cyber danger, the rise in remote working necessitates greater attention on cybersecurity.
According to the report, the number of cyber-attacks per organization increased by 31% in 2021 compared to 2020. The price of these breaches has also escalated, with organizations needing an average of 280 days to detect and respond to a cyber-attack. Also, in 2021, every successful cyber-attack could have cost a firm around $3.6 million. Therefore, cyber-attacks are a significant issue, impacting around 55% of enterprises worldwide in 2021.
Identity theft accounts for 24% of all attacks, while ransomware assaults account for 20%. Moreover, ransomware, social engineering and malicious insider activity are the top three cyberattacks cyber leaders worldwide are the most concerned about. However, cyber leaders are most concerned about the infrastructural breakdown resulting from a cyberattack.
In the first six months of 2021, global ransomware assaults had increased by 151%, with each firm subjected to 270 cyber-attacks on average. Ransomware is a form of malicious software (malware) that threatens to expose or prevent access to information or a system software unless the victim pays a ransom price to the hacker. In several instances, the ransom demand is accompanied by a deadline.
If the victim does not reimburse the ransom in time, the information is permanently lost, or the demand is raised. According to the report, ransomware attacks are becoming more common and sophisticated, with almost 80% of cyber executives now considering that it is a “danger” and a “threat” to public safety.
Social engineering attacks
According to the report, social engineering attacks are the second-most alarming cyber danger for cyber leaders. The word “social engineering” refers to various malicious behaviors carried out through human interactions. It employs psychological manipulation to mislead people into committing security errors or disclosing sensitive data.
Social engineering depends on human mistakes, rather than flaws in software and operating systems, making it particularly dangerous. Human errors are less predictable than malware-based intrusions, thus making them more challenging to identify and prevent.
Malicious insider activity
Malicious insider activity was the third most concerning cyber danger for cyber leaders. It is described as a current or former employee, contractor or trusted business associate of an organization that abuses their authorized access to essential resources to harm the business. It is a concern as malicious insiders are more challenging to identify than external attackers because they have easy accessibility to an organization’s data and devote most of their time doing routine job activities.
Cyber resilience and cyber security
The 2022 report also highlighted that 59% of cyber leaders believed cyber resilience and cybersecurity are similar, even though the distinctions are not well comprehended. While cyber security is mainly concerned with data protection, cyber resilience, on the other hand, is concerned with an organization’s capacity to anticipate, respond to and recover from cyber threats. Therefore, businesses need to adopt cyber resilience to prepare for and fight back any cyber-attacks.
In addition, the report addresses three main cyber resiliency and cyber security gaps. Firstly, cybersecurity is not always emphasized in business decisions. Although 92% of company executives say that cyber resilience is incorporated into organizational risk-management plans, just 55% of security-focused leaders agreed with this assertion.
Secondly, another area that organizations are falling behind is obtaining leadership support for cybersecurity. While 84% of the respondents believe that cyber resilience is a business goal in their organization, with leadership support and guidance, 68% believe that cyber resilience is a critical component of their total managing risk. As a result of this mismatch, many security leaders continue to complain that they are not included in business choices, resulting in less secured judgments and security problems.
Thirdly, there is a lack of cybersecurity talents. According to the report, 59% found responding to a cybersecurity event difficult due to a lack of expertise on their team. It is therefore vital for organizations to reduce these gaps to reduce cyber-attacks.
Conclusively, new technologies such as artificial intelligence (AI), robotics or quantum computing could impact cyber transformation. Cybercriminals and cybersecurity specialists alike can benefit from them. Hackers could use them to make their assaults more complex and challenging to detect. In contrast, cybersecurity experts could use them to figure out how to improve their cybersecurity systems to reduce financial and reputational damage.