A few days back my father called and shared with me that for years Facebook had been involved in a data breach. He said, “This data breach compromised at least 50 million users’ personal data. This vulnerability had been exposed to Facebook in July 2017, but Facebook only became aware of it in September 2018 when they noticed a spike in unusual activity.” He added, “In other words, Facebook was not ready to accept the vulnerability, or never acknowledged the seriousness of the vulnerability, or had no proper strategy to answer the vulnerability, or had no technology bandwidth to manage such a vulnerability.” As I understand the cyber security landscape, all I can say is that Facebook could have arrested the attack if they had been prepared to understand the vulnerability and if vulnerability testing had been conducted on a frequent basis. Having said this, it would be wrong to blame Facebook or any other organization that has been the victim of a cyber-attack.
It is a known fact that governments, companies, or individuals, irrespective of their cyber security preparedness, may end up becoming the victim of a cyber-attack at some point in their lifespan. The only good news is that governments, companies, and individuals are aware of the cyber-attack challenges and are exploring avenues to overcome them. We know that it is not an easy task for any government, organization or individual to win every battle all the time, but it is important to be prepared for the fight against rising cybercrime. This task is not easy, as technology is perpetually evolving.
In the last two decades, technology has undergone a paradigm shift. New-age technology has played the role of an enabler in improving the way business is performed. We all know that technology in all shapes and sizes has its own set of benefits and challenges. On the one hand, it enables businesses such as health care, transportation, communication, education, entertainment, banking, etc., which improve the living standards and life expectancies of end users; on the other hand, it comes with the inherent challenges of cybersecurity. Compromised cybersecurity can cause major damage to a business. It can affect the bottom line, as well as your business’ standing and consumer trust.
According to one estimate, cybercrime damages are projected to exceed a staggering $6 trillion by 2021. It’s quite obvious that businesses – banks, tech companies, hospitals, government agencies – are investing in cybersecurity infrastructure; but are they investing in the right products, resources, and strategy? Is their cyber security framework designed to protect their business practices and the millions of customers that trust them with their data? Do they understand that the impact of a security breach can be broadly divided into three categories: one, cyber-attacks often result in substantial financial loss arising mostly from theft of corporate or financial information, or loss of business or contracts; two, cyber-attacks can damage your business’ reputation and erode the trust customers have in you; and three, data protection and privacy laws require you to manage the security of all personal data you hold? Furthermore, many cyber security issues are a function of three key elements: one, rapid growth in Internet users (governments, businesses, individuals and societies); two, the new-age applications and tools in use; three, how these new users are using this new set of tools and applications.
Cybersecurity breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly. This task is not easy, as cyber criminals have mastered the art of driving cyber-crimes such as fraud and theft by manipulating technology-controlled devices for their ill intentions. These cyber criminals are not only using the best of technology and cyber infrastructure, but over time they have also developed a well-oiled cybercrime network. This dark network of cyber criminals works together and offers services on contract. This new form of collaborative, cloud-based cybercrime ecosystem is not easy to counter. It needs a holistic approach to solve the unseen, unexplored and yet-to-be-encountered cyber security problems. It is important to understand that piecemeal efforts to address cybersecurity issues, including the Internet’s inherent flaws, identity and data veracity, vulnerabilities from the Internet of Things (IoT), and increasing digital fragmentation, have failed in the past and may fail again.
It is important to create a cyber security ecosystem, a culture of cyber security, and, most importantly, awareness around cyber security. A cyber security breach is not always by design; most of the time it is caused by basic human error. IBM suggests that 27% of data breaches are caused by human error. It only means that more than a quarter of cyber security breaches could have been easily prevented with better education. Though cyber security education is an important and critical element in preventing cyber theft, a robust cyber security framework is the need of the hour, as anyone can be the victim of a weak link in their cyber security framework.
We all know that one of the most powerful and influential political leaders of our times, Hillary Clinton, was the victim of an email phishing attack during her 2015 presidential election. This cyber breach gave hackers access to about 60,000 emails from the private Gmail account of John Podesta, chairman of Hillary Clinton’s campaign. The information leaked from the John Podesta emails created an environment of confusion and distrust. This email phishing attack can be counted as one of the major reasons why Hillary Clinton lost the US election to Donald Trump. This was not a failure of technology or systems but a classic case of human error.
This growth in cyber-attacks is largely attributed to increased reliance on technology, the poor awareness level of end users, the compromised skillset of the cyber security workforce, underdeveloped cyber security architecture, and compromised software, hardware and telecom infrastructure. The sum total of all these adds to a company’s vulnerability. Verizon conducted a year-long investigation into the leading causes of data breaches, publishing its findings in its 2018 Data Breach Investigations Report. As per the report, the following are the key sources of cyber-attacks and their contribution: Physical actions (11%), Privilege misuse (12%), Social engineering (17%), Human error (17%), Malware (30%), and Criminal hacking (48%). The causes of data breaches may not change over time, but their contribution percentages may change.
The overall cyber security ecosystem and the cybercrime ecosystem are evolving, and participants on both sides are working hard to win their respective games. Hackers will continue to become more sophisticated, using new methods and tools to gain access to private information. Hackers will also take advantage of the fact that companies increasingly rely on their supply chains, and will target popular third-party tools, suppliers and companies as a way to breach as many targets as possible. To defend against such cyberattacks, companies will need to use more effective security solutions with innovative approaches. For instance, companies will assess their cybersecurity as seen from the hacker’s point of view. The goal will be not only to increase cyber resilience internally within their specific company, but also across the company’s supply chain.