Why a proactive defense is crucial to overcoming the imbalance in cybersecurity
Thu 13 Oct 2016
Robert Herjavec, founder and CEO of global cybersecurity firm Herjavec Group, looks at what can be done to prevent black hat hackers outsmarting cybersecurity defences…
Cybercrime continues to impact businesses of all sizes – including corporate enterprise. Our recently published 2016 Cybercrime Report, produced with Cybersecurity Ventures, highlighted that global annual cybercrime costs will grow from $3 trillion in 2015 to $6 trillion by 2021. This includes damage and destruction of data, stolen money, loss of productivity, theft of intellectual property, theft of personal and financial data, embezzlement, fraud, post-attack business disruption, forensic investigation, restoration and deletion of hacked data and systems, and reputational harm.
It’s an astonishing figure, but when you consider that spending on cybersecurity products and services is projected to grow to $1 trillion over the next five years, it continues to show us that there is an imbalance. Our industry is being outpaced by black hat hackers. Regardless of their motivation (notoriety, political or financial gain etc.), black hats are leaving us in a constant state of catch-up.
Bitcoin and other cryptocurrencies are also making it far simpler for cybercriminals to demand and receive payments. We’ve seen this correlate to the number of cybercrime incidents globally. The trick is that with this medium there isn’t an attached fear of consequence, and as long as cybercriminals don’t have fear, they’ll continue to hack.
There is no effective law enforcement for financial cybercrime today. So long as there is a way for cybercriminals to get paid, with limited risk, attacks will certainly continue. The challenge remains that large enterprises aren’t nearly as agile as their attackers.
Taking a proactive defense
To remedy this, we must continue to emphasize a proactive defense. In the midst of this cyber war, businesses need multiple layers of security, including 24/7 managed security services, a trusted security advisor and solid employee training programs to help them navigate the battlefield.
Yes, managing staff is a challenge, but it all comes down to the right training and constant reinforcement, because humans really are the weakest link for an organization. It’s each company’s responsibility to train all of their teams, not just security and technical personnel, to know what a cybersecurity attack looks like.
How do you identify a phishing scheme? What do you need to consider before you open an attachment? Why should you never email your passwords or give them to someone who is cold calling you saying they are from Internal IT? It seems simple, but these basic errors can be catastrophic for an enterprise.
This need for proactive training and cybersecurity strategies will only heighten as cyber warfare crosses from the digital world into our physical realm. If the necessary steps are not taken, there is a very real potential that cybercrime could lead to the loss of human life.
A breach of our power grids, of our dams, or of air traffic control mechanisms, could have disastrous effects that are felt far beyond the financial and reputational impacts of a corporate attack. We’ve seen power grids attacked overseas and we question how our North American infrastructure would respond to such an attack. We can’t wonder. We have to be prepared.
Securing the professional pipeline
Preparation inevitably requires talent. I believe it was at the last RSA Conference that I heard this statement – there is 0% unemployment in our industry. Think about that. We have so many talented analysts, engineers, architects etc., but we need more. We have to do a better job of encouraging youth to pursue careers in technology and help them develop true skills out of college and university.
The 2016 Cybercrime Report highlights a severe cybersecurity workforce shortage, with one million cybersecurity jobs currently open. That number is expected to reach 1.5 million by 2019. We need to recruit early and continue to grow the pipeline of security professionals to be able to keep pace with, and even get ahead of, the black hats.