As cyber crime rises rapidly, one thing is clear: cyber security isn't just an issue for the technology industry. It also affects many other industries, such as hospitals, insurance, education and others. Cyber crime is costing big brands like Samsung, JP Morgan and Vodafone millions of pounds and affecting millions of customers in the process.
With access to huge amounts of sensitive and valuable data from multiple users, it's becoming tougher to keep the transmission of that data secure. It is now necessary to rethink security strategies and planning so that they address the new trends, technology and the global need for a secure cyber world.
Why Rethink Security:
Let's look back at 2016, when we spent over $75B on cyber security to prevent unauthorized access to our important assets. Surprisingly, breaches continued to grow intensely. Almost two-thirds of enterprises were breached, an average of five times, in the past two years.
The technologies of the past, including firewalls, virtual private networks (VPNs), and antivirus software from well-known vendors like Cisco, Symantec, Check Point, and others, seem to be ineffective at protecting against evolving cybercrime. Statistics show how absurdly they are failing to safeguard the intellectual assets of organizations. Nearly six billion data records were lost or stolen in the past few years; that's an average of over 165,000 records compromised every hour.
Recent research shows that the costs of damage related to global cybercrime are expected to exceed $6 trillion annually by 2021. So, in order to defend our critical assets and reduce the risk of breaches, we must rethink how we approach security and we need to do it now.
Many other significant factors are making us rethink our security strategies and posture. However, rapid innovation in technology is weakening security countermeasures that are meant to be revised in a timely manner. This negligence plays an important role in several respects:
The continuous addition of new technologies, platforms, applications, and practices has hastened the collapse of the legacy enterprise perimeter, resulted in a complex digital pool of identities, and fundamentally altered the way we access and interact with data.
Cyber criminals aim to steal identities from all types of users, from employees and partners to privileged users and vendors. These identities are easier to steal than ever before, and traditional security measures like passwords prove no match for these attacks.
Passwords are no longer safe:
According to research, around 2/3 of all recently confirmed data breaches involved weak, default, or stolen passwords. Moreover, hackers use social engineering to target and manipulate individuals into disclosing sensitive information by impersonating a trustworthy source.
The two most effective subsets of social engineering attacks, phishing and spear phishing, trick individual employees and enterprises into clicking on malicious links and disclosing sensitive information. In the first quarter of 2016 alone, there were an estimated 6.3 million phishing emails, and 93% of all phishing emails contained ransomware.
In addition to these methods, hackers also purchase credentials from the Dark Web, or try to reach motivated insiders who will willingly share access credentials.
Companies go dark:
Previously, a huge number of recognized companies experienced major outages after the DNS provider “Dyn” suffered a severe and extended DDoS attack. Furthermore, millions of IoT devices with unchanged default passwords were hijacked to generate the so-called Mirai botnet. Netflix, Spotify, Twitter, Slack, Etsy, and many other well-known websites were taken offline for hours, and even days. Even months after the attack, Mirai was still alive and evolving.
No consumer is safe:
Many consumers feel safe when they are associated with a well-known organization that has been in business for a long time, but a single breach can demolish all trust and market worth. In 2016, Yahoo revealed that it had lost the account information of over one billion consumers, including names, email addresses, and encrypted passwords, in a data breach that occurred in 2013.
The perimeter-based approach:
Cyber criminals are breaching systems with direct access via a compromised credential. The perimeter-based approach that focuses on protecting endpoints, firewalls and networks totally ignores the vulnerability of identities and passwords.
The new dimension of security should be safeguarding the millions of scattered connections in and out of your enterprise. Protect identities as they access applications, devices, and infrastructure, both on-premises and in the cloud.
Cyber threats are constantly getting more targeted and sophisticated, and the static security methods of the past simply can't keep up. The need to develop and implement the next generation of security is therefore rising, and it should be addressed soon to prevent major losses and safeguard next-generation technologies like cloud systems, IoT and mobile devices. Cyber security awareness and education are necessities of core planning; education is the only way to stop organized and sophisticated cybercrime.