Lately, it seems that every time we turn around, there’s a cyber-assault, potentially more dangerous and more devious than the last. There’s the real threats and attacks like WannaCry. And there’s the apparently fabricated news you see on television and in theaters. We appear to be surrounded by virtually any sort of potential cybercrime. But we shouldn’t have to accept this as normal.
On top of this very active threat climate, organizations are drowning in the complexity of dozens of “best-of-breed” security solutions that get pulled together in an effort to build a proper defense solution. On top of this, organizations face a flood of alerts on many different consoles, and need to try and keep numerous security policies up-to-date. Did you know that most policies are written once and rarely updated? These go mostly unnoticed until there’s a security incident and the root cause analysis points to an ancient policy that was left unattended.
The idea of a lone hacker maliciously tapping away in a dark room is an antiquated one. The business of cybercrime is now a multibillion-dollar enterprise with highly organized entities looking to exploit vulnerabilities and scam businesses and consumers in our increasingly networked world. According to a Juniper commissioned report from the RAND Corporation:
The cyber black market has evolved from a varied landscape of discrete, ad hoc individuals into a network of highly organized groups, often connected with traditional crime groups (e.g., drug cartels, mafias, terrorist cells) and nation-states. It does not differ much from a traditional market or other typical criminal enterprises; participants communicate through various channels, place their orders, and get products.
Today, attackers are much more efficient in their efforts than ever before, driven by the ability to work with others in the criminal underground. Left unchecked, I worry that the ability to defend against these organizations will be more challenging.
Cyber threats today are evolving, becoming more sophisticated and making it critical for organizations to educate, implement and encourage employees to follow cyber best practices. In a recent RAND Corporation report, sponsored by Juniper Networks, it was projected that the cost to businesses in managing cybersecurity risk is set to increase 38 percent over the next 10 years.
As our world has become ever more connected, we’ve all learned common online safety tips. It’s now second nature to use strong passwords and antivirus software; take care when connecting to public Wi-Fi; and remain alert to social engineering scams (e.g., phishing).