With each passing year, the number of attempted data breaches and the damages of successful cyber attacks continue to rise. It’s no secret that hackers are more adroit at stealing in the virtual world than ever, and that new threat vectors are constantly being identified and exploited. Staying ahead of the competition is becoming a daunting task, but one that has never been more important.
In particular, 2015 was a fantastic year for cyber criminals. The Identity Theft Resource Center tallied a total of 750 data breached in 2015 and nearly 180,000,000 exposed records. These numbers do not factor in the many billions of threats that have been neutralized.
By any measure, these statistics are alarming to say the least. Worse yet, there appears to be no reprieve in sight. The breaches of today are merely an overture for what comes tomorrow.
Cyber crime breeds more cyber crime
In November 2015, Trend Micro released a study that assessed many of the notable cyber threats faced by organizations large and small, public and private. The list was long, and entailed everything from mobile device exploits to zero-day attacks, to vulnerabilities resulting from patching issues, cyber espionage, PoS malware and so much more. The most frightening elements of the report is the important insight that cyber threats are never one-and-done ploys. Each threat can be augmented or altered to become something new entirely. Cyber warfare is not a boxing match with a finite amount of rounds; it’s a never-ending game of chess.
For example, in which one cyber attack leads to another, according to Trend Micro, is classic data-breach dump, in which stolen data is dumped online for all to see. This information can subsequently be used for purposes of extortion, or to execute further data breaches. This is exactly what happened in 2015, when the Hacking Team was hacked and 400 GB of dumped information prompted the uncovering of multiple zero-day threats and mobile OS spying tools, which were then used to execute attacks in Asia.
One of the more egregious examples of a meta-cyber attack occurs when a hacker poses as an organization and falsely informs customers that they have been breached. They may request that the person share certain sensitive information for verification purposes and voila: If the contacted individual hadn’t been affected by the actual breach, he or she may well become the victim of a meta-breach. This occurred in the wake of the OPM breach that affected more than 21 million people. The Federal Trade Commission recently released a warning about false breach notification letters and provided best practices for determining the authenticity of such letters. Given the regularity with which breaches occur, this tactic can work surprisingly well. All hackers have to do is read the news and insert themselves into an already messy situation.
A lack of awareness makes matters worse
As if the fact that cyber attacks upon cyber attacks are barraging organizations and individuals alike, studies have shown that many businesses and personal users may be unprepared to sustain the coming onslaught. One of the main sources for this lack of preparedness is a severe cyber security talent gap.
According to Forbes, there are approximately 200,000 cyber security job vacancies, and they need to be filled fast. The question is, by who? A study conducted by Raytheon and the National Cyber Security Alliance has revealed that more than half of all millennials are oblivious to a career path in cyber security. The majority (61 percent) also said that they don’t actually know what being a cyber security specialist entails. This is a serious problem given that millennials are the most prolific users of information and communication technology, and considering that the rate at which cyber threats are compounding. Cyber security experts are more important than ever before and yet, there is a significant shortage of them.
While it’s all too easy to place the blame on millennials, a lack of strong cybersecurity education is the real culprit. Sixty-two percent of survey respondents said they had not been made aware of cyber security as a career prior to entering college or the workforce. This problem will only worsen with time, as threat protection becomes more complicated and threat vectors continued to multiply – unless of course, cyber security education improves.
A light at the end of the tunnel?
Organizations have long way to go before achieving the level of protection mandated by the current threat landscape. However, a recent study by PwC reveals that business leaders are slowly but surely getting closer to creating a secure environment for employee and customer data. The survey revealed that the number of cyber-security incidents increased by 38 percent since 2014 and that theft of intellectual property rose. However, spending on threat protection rose by 24 percent from 2014 and 54 percent of organizations now have a chief information security officer in charge of security.
These statistics can hardly be called “good news” given the immensity of the cyber-threat storm hovering over the horizon. But it is a silver lining, especially if business leaders continue on a path to improved cyber security.