According to Clark, “We are looking at a sea change in the way cybercrimes are perpetrated today. The hoodied hackers hiding in basements have morphed into well-organized and well-funded business owners – and hoodies have given way to Armani and Hugo Boss.
Access brokers abound on the dark web, offering up corporate proprietary information along with individuals’ personal data. Nation-state and supply chain attacks are escalating, and the number of cloud attack vectors is increasing exponentially. Unfortunately, many companies don’t protect their cloud usage, the way they do their endpoints – and this vulnerability is being targeted by bad actors. Given that cloud-related services will double over the next year and a half, to reach about $830 billion by 2025, this is a huge concern.
Right now, less than half of all organisations are cloud-native, or fully cloud-enabled. Only 60% of corporate data is currently stored in the cloud, and less than 30% of corporate processes reside aloft. As organisations enter into Phase 2 of their cloud migration, multi-layer security must become table stakes, or they risk becoming the next cybersecurity victim – something that happens every 37 seconds globally.”
Key facts from UNGA talk:
- According to the FBI and Interpol, approximately 33 billion accounts will be breached in 2023. That’s about 97 cybercrime victims being created each and every hour! There has been a corresponding increase in the cost of these crimes. In 2022 the figure was $6 trillion, and experts estimate the figure will rise to $10.5 trillion by 2025. That’s a 175% increase within two years.
- Majority of expenses companies face when victims of a successful cyber infiltration, fall into four categories:
- i) Investigation and remediation. About 40% of the costs are associated with identifying the problem, resolving it and then getting the company back up and running.
- Ii) Business interruption. Every moment a company is unable to serve its clients, manufacture items or delivered much needed services, impacts profitability. In the event of critical services such as hospitals and infrastructure, the toll can be life-and-death, literally.
- Iii) Brand reputation. This is especially true if customers take to social media to complain about a company’s downtime and/or clients’ personal information is leaked onto the dark web.
- Iv) Theft of corporate strategies and intellectual property. It is estimated at least two companies globally are forced out of business each and every month, because their proprietary information has been stolen and competitors have managed to steal their customers, and capture a larger market share, for a lower-priced, yet seemingly comparable product offering. Sadly, this figure is escalating.
- MUSH sector (Municipalities, Universities, Schools and Healthcare) remains primary target, with healthcare filling the number one spot three out of the past five years. In 2022, 30% of all large data breaches occurred in hospitals. But the firms being targeted most frequently are the mid-size enterprises, those companies and public organisations with only 100 – 1,000 employees and somewhere between 50 million and $1 billion in annual revenues. This is followed closely by smaller enterprises in North America and Europe.
- The number of access broker advertisements has increased by 200% in the past 12 months and continues to escalate.
- Unmanaged assets act like beacons for the bad guys because, typically, these orphans have fewer security controls. This is an easy vulnerability to shore up.
- 28% of all successful breaches were attributed to poor patch management.
- Nearly 60% of companies are seeking to optimize their cloud use over the next 12 to 18 months, while migrating more workloads to the cloud.
- Nearly two thirds of 2022 cloud security incidents were the result of misconfigurations related to permissions granted to individual or groups – most being granted far too much latitude. For this reason, Identity and Access Management (IAM) is crucial so that administrators can determine which users should be authorized to modify or otherwise engage with specific resources.
- Incorporating Multi-Factor Authentication (MFA) and Minimum Privilege policies are excellent steps to help protect corporate networks and endpoints.
- There have been double digit increases in companies moving from on-premises software to SaaS, because many of these applications have had time to mature. As a result, predictions are that cloud-related services will double over the next year and a half, to reach about $830 billion by 2025.