In the last two decades, technology has undergone a paradigm shift. The new age technology has played the role of an enabler in improving the way business is performed. We all know that technology in all shape and size has its own set of advantages and challenges. On the one hand it enables businesses like health care, transportation, communication, education, entertainment, banking, etc that improves our living standards, and life expectancies of the end user; but on the other hand, it comes along with inherent challenges of cyber security. A compromised cyber security can cause major damage to business. It can affect the bottom line as well as your business’ standing and consumer trust.
According to one estimate, cyber crime damages are projected to exceed a staggering $6 trillion by 2021. It’s obvious that business – banks, tech companies, hospitals, government agencies are investing in cyber security infrastructure; but are they investing in the right product, resources, and strategy? Is their cyber security framework designed to protect their business practices and the millions of customers that trust them with their data? Do they understand that the impact of a security breach can be broadly divided into three categories: one, cyber-attacks often result in substantial financial loss arising mostly from the theft of corporate or financial information, loss of business or contract; two, cyber-attacks can damage your business’ reputation and erode the trust customers have for you; and three, data protection and privacy laws require you to manage the security of all personal data you hold.
Furthermore, many of the cyber security issues are a function of three key elements – one, rapid growth in Internet user – government, businesses, individuals and societies; two, new age applications and tools in use; three, how these new users are using these new set of tools and applications.
Cyber security breaches can devastate even the most resilient of businesses. It is extremely important to manage the risks accordingly. This task is not easy as cyber criminals have mastered the art of driving cyber-crimes such as frauds and thefts by manipulating technology-controlled devices to their advantage. These cyber criminals are not only using the best of the technologies, and cyber infrastructures but have also developed a well-oiled cyber crime network. This dark network of cyber criminals works together and offer services on contract. This new form of collaborative, and cloud-based cyber crime ecosystem is not easy to counter. It needs a holistic approach to solve the unseen, unexplored and yet to encounter the cyber security problem. It is important to understand that any piecemeal efforts to address cyber security issues including the Internet’s inherent flaws, identity and data veracity, vulnerabilities from the Internet of Things (IoT), and increasing digital fragmentation have failed in past and may fail again.
It is the need of the hour to create a cyber security ecosystem that includes the culture of cyber security, and most importantly awareness around cyber security. The cyber security breach is not always by design but most of the time it is caused by the basic human error. IBM suggests that 27% of data breaches are caused by human error. It only means that more than a quarter of cyber security breaches could have been easily prevented with better education. Though cyber security education is important and critical element to prevent cyber thefts, but a robust cyber security framework is the need of the hour as anyone can be a victim of the weak link in their cyber security framework.
We all know that one of the most powerful and influential political leaders of our times Hillary Clinton was a victim of email phishing attack during her 2015 presidential election. This cyber breach helped hackers’ access to about 60,000 emails from John Podesta, chairman of Hillary Clinton’s campaign, private Gmail account. The information leak from the John Podesta email created an environment of confusion and distrust. This email phishing attack can be attributed as one of the major reasons why Hillary Clinton lost the US Election to Donald Trump. This was not a failure of technology or system but a classic case of human error.
This growth in cyber-attack is largely attributed to poor awareness level of the end users, increased reliance on technology, compromised skillset of the cyber security workforce, underdeveloped cyber security architecture, compromised software hardware and telecom infrastructure. The sumtotal of all these adds to company’s vulnerability. Verizon conducted a year-long investigation into the leading causes of data breaches, publishing its findings in its 2018 Data Breach Investigations Report. As per the report following are the key source of cyber-attacks and their contribution: Physical actions (11%), Privilege misuse (12%), Social engineering (17%), Human error (17%), Malware (30%), and Criminal hacking (48%). The cause of data breach may not change over time but their contribution percentage may change.
The overall cyber security ecosystem and cyber crime ecosystem is evolving and both side of participants are working hard to win their respective games. Hackers will continue to be more sophisticated, using new methods and tools to gain access to private information. To defend against such cyber attacks, companies will need to use more effective security solutions with innovative approaches. For instance, companies will assess their cyber security as seen from the hacker’s point of view. The goal will be to not only increase cyber resilience internally within their specific company, but also across the company’s supply chain.