It feels almost sacrilegious that we are already in July and we have not spoken about cyber security as much as we did last year. The scary thig about this is that the cyber threat is no less pertinent then it was in 2018. In fact, if anything, the threat is growing, and we are on the precipice of a major cyber breach.
We have heard it all before, batten down the hatches…. sleep with one eye open…spend money on cyber resilience. The truth of the matter is that all the above messages are preaching to the choir, and the best way to make companies cyber resilient is to highlight what is going on in the world.
Let’s start with the first bit of shocking information that I came across. I recently read an articlewhich pointed out some of the most important cyber-security statistics that were unearthed in 2019.
The article points out that, invented in 1989, the World Wide Web is home to around 2 billion websites today. This unimaginable expansion has brought the world closer and shrunk it into a small global village. The internet is responsible for fast forwarding the world’s technological progress and advancing us hundreds of years ahead.
However, as the world has made a shift from the physical to the digital landscape, security threats have also changed from physical to cyber.
Trillions of dollars.
The article adds that cybercrimes have accounted for trillions of dollars in losses, as per Juniper research the amount in 2019 was $2 trillion.
With such vulnerabilities revolving online, companies are investing heavily in cyber security and training employees, particularly regarding online scams and ransomware attacks.
It is estimated that by 2027, global spending on cyber security will reach $10 billion. In this age of IoT, where there is no escaping the internet, it is very important to understand the importance of cyber security and more importantly, the types of cyber security threats around you!
Half of all cyber attacks are targeted at small businesses.
The article points out that small business owners often do not pay attention to cyber security, thinking they’re not even worth being attacked. This is what makes them the perfect target.
Hackers may gain access to their data and steal consumer information, which may include personal details, credit card numbers, and social security numbers. According to Juniper research, small businesses make up to 13% of the entire cyber security market, surprisingly small businesses invest less than $500 in cyber security.
The article adds that, as per Cybint, almost 60% of companies have experienced cyber attacks such as DDoS attacks, phishing, and social engineering attacks. According to Juniper research, small businesses make up to 13% of the entire cyber crime market, yet surprisingly small businesses invest less than $500 in cyber security.
Estimated $6 trillion in damages by 2021.
The article points out that as per Forbes, the estimated amount of $6 trillion will cost much more damages and cost than all natural disasters in a year. Surprisingly this amount exceeds even the global trade of all illegal drugs.
It is relatively easy to stay anonymous online, compared to real life scenarios. The use of secure VPN services enables a person to hide their actual location and identity. A VPN encrypts all the online traffic making it impossible to track a person’s online activities.
$76 billion of illegal activities involves bitcoin.
The article adds that Bitcoins have created an amazing system of digital currencies providing anonymity, safety, quick transfer, and freedom from artificially regularized currency rates by governments. Unfortunately, most of the illegal activities involve the use of Bitcoins due to the anonymity it offers.
The University of Sydney in Australia published a study that states the $76 billion amount almost equals the entire illegal markets for drugs in the U.S and Europe.
Only 10% of cybercrimes are reported in the U.S each year.
The article points out that, the United States, often regarded as the hub of technology, has greatly undercounted the rate of reported cyber crimes. This is because they are often difficult to prove. In other cases for instance where ransomware is involved, it becomes very difficult to get professional help as the criminal might put up personal or embarrassing photos of you on the screen, or cause reputational harm if any personal information lands in the hand of the hacker.
According to the unit chief at FBI’s Internet Crime Complaint Center (IC3), the total number of cyber crimes reported only represent 10-12% of the actual number. Imagine the stats in other countries where the internet is still an emerging technology penetrating its way into the masses.
Staggering $300 billion cyber security market.
The article added that a 2019 press release by Global Market Insights indicated that It is anticipated by the year 2024 that the cyber security market will be a $300 billion industry. In fact, it seems that the amount will be much more than that as technology advances exponentially.
There are hundreds of cyber security tools available online at dirt cheap rates and even free. Be careful though as there are many predators camouflaged as utility tools.
Ransomware attack every 14 seconds.
The article pointed out that according to 12news.com, every 15 seconds, someone around the world joins a social media site. The 2019 Official Annual Cybercrime Report (ACR) predicts that businesses will fall for ransomware attacks every 14 seconds.
So, by the time you raise your wrist to look at the time and lower it back, somewhere in the world a ransomware attack has already taken place.
Become a hacker with $1.
The article added that there are ample of hacking tool kits and software available on the dark web costing as low as literally $1. Of course, the costlier, the better the tools and services available.
This does not end here; if you search enough you can literally find third party apps directly on the internet, you won’t even have to go the dark web to find such a service.
Malicious emails to public organizations.
The article pointed out that Symantec’s ISTR 2019 report states that public administration organizations receive one malicious email per 302 emails.
The number might seem quite small, but considering the nature of work at such places, it’s very likely for employees to fall into the trap.
Largest DdoS attack: 1.7 TBps.
The article pointed out that NETSCOUT Threat Intelligence Report featured the largest DDoS attack on record. The attack was a 1.7 terabytes per second reflection targeted at a U.S company.
To make it more understandable, ultra HD quality videos require 25 megabits per second for streaming. The fastest internet speed available is 2,000 Mbps by Xfinity Internet.
It takes 5 minutes to hack an IoT device.
The article added that, in the report, NETSCOUT also disclosed that on average an IoT device could be attacked easily within the first five minutes of connecting to the internet!
As mentioned above, with the IoT there is no escaping the internet, it has become the basis of many of our daily activities, be it your, smartwatch, car, home control system, smart TVs and much more.
Therefore, there’s no way you can completely disconnect from the internet and go back to the stone age.
Impacting business growth.
According to another article I read, cyber security is having a negative impact on mergers and acquisitions.
Cybersecurity issues are increasingly becoming a concern in mergers and acquisitions, a new survey shows, and lapses can jeopardize deals or haunt purchasers long after the deal is done.
The article added that of more than 2,700 information technology and business decision makers surveyed by Forescout Technologies Inc. in seven countries, 53% reported that their organization had encountered a critical cybersecurity issue or incident that put an M&A deal in jeopardy. And 65% of respondents said they had experienced buyers’ remorse because of cybersecurity concerns after closing a deal.
The article added that, the findings, show that taking the time to conduct cybersecurity evaluations is important before and during an acquisition, even if it means finalizing the deal gets delayed, Julie Cullivan, chief technology and people officer at Forescout told propertycasualty360.com. The company sells a security platform that allows companies to monitor and control access to their networks.
“Cybersecurity is a challenge for every organization, and risk factors are changing all the time,” Cullivan said. “It’s about making sure you put as much energy into it up front.”
Impact on M&A.
The article pointed out that recent acquisitions highlight the threat that cyber risks can pose to a company’s reputation and bottom line.
Verizon Communications Inc. acquired Yahoo’s Internet properties in 2017 at a $350 million discount after security breaches surfaced at the web company. And Marriott International Inc. inherited a massive security risk when it bought Starwood, including a breach that was disclosed just days after the deal was announced.
The article added that Yahoo and Starwood aren’t isolated incidents. Earlier this month, Asco Industries, which Spirit AeroSystems Holdings Inc. agreed to buy in May 2018, was hit by a large-scale ransomware attack. The attacked cause a “serious” disruption of Asco’s activities, and its sites in Belgium, Canada, Germany and the U.S. were stopped.
Spirit AeroSystems won EU approval for the deal in March, but the acquisition has yet to be completed.
Thorough cybersecurity assessments that include utilizing third-party audits can often help avoid these types of issues, Joe Cardamone, senior information security analyst and North America privacy officer for Haworth , a designer and manufacturer of office furnishing products in Holland, Michigan told Propertycasualty 360.
“It’s not an intangible risk. It’s a very tangible thing and true money that can be lost,” Cardamone, who has been involved in Haworth’s acquisition of at least six companies told Propertycasualty 360. “Treat it like you are buying a used car. I’d still want to look underneath the hood.”
Haworth, which is a Forescout customer, revamped its acquisition policy about five years ago to include information security.
Six reasons why.
We will end off the post with six reasons why cyber security is important for any business:
- Data security. Businesses collect all sorts of data in their day-to-day operations, from customer names and IDs to phone numbers and account details. You can’t afford to have this kind of information fall into just anyone’s hands. Further, some businesses need this data to function, so losing it would effectively kill the business;
- Reputational losses. Everybody who collects data is called a data controller and they must be concerned about how and why data is collected. To be operational and effective, they have to keep three elements in mind: confidentiality, integrity and availability. Any data breaches would, therefore, severely hurt their reputation;
- Loss of revenue. If a company gets hacked, its banking details could easily be compromised, which could lead to money being diverted into the hackers’ accounts. This could bring a business to its knees in no time;
- Scalability. A start-up is not intended to be a start-up forever, and the more it grows, the more the data it will hold and the higher the number of people it will deal with. These customers will have to be protected from attacks, which calls for more investment in technology and security systems. Attacks automatically expand as you scale up;
- Assurance to investors and consumers. Investors want to know that their money is safe, so they won’t invest in a company that can’t guarantee cyber security. Consumers will have to get assurance that the data and information they’re sharing is safe with you if they’re to continue using your product or service;
- Evolving trends in tech. Things never stay the same, especially in technology. To keep up, you need to upgrade and adapt to innovations like machine learning and artificial intelligence. And when it comes to cyber security, the secret to staying safe is ensuring you stay ahead of the curve so that you’re able to seal any security loopholes as soon as they appear.
“The fact that cyber crime is expected to be worth $300 billion in 2024 is quite scary. It shows that cyber criminals are working in syndicates and are technologically advanced. Companies need to take this seriously or suffer the consequences,” said Bradley Geldenhuys, Co-Founder and CEO of GTconsult.