
How to Stay Off the Cyber Security Data Breach Naughty List

Published on December 19, 2023 by Paul Deur

As the number of cyberattacks continues to rise across the globe, many are warning that the worst is yet to come. Earlier this year, the World Economic Forum released a report that showed 93% of cybersecurity experts and 86% of business leaders believe global geopolitical instability will likely lead to a catastrophic cyberattack within the next two years. Find out how to extract data from existing tools to identify and resolve vulnerabilities before cybercriminals can exploit them.

The Rising Cost of Cybercrime

The cost of cybercrime includes lost productivity, customers, and share price as well as regulatory and legal fines – and it’s climbing rapidly. Statista forecasts the global cost will rise by $5.7 trillion between 2023 and 2028 to $13.82 trillion. That’s an eye-watering increase of 69.94%! The cyberattack data breach list is one that every company wants to stay off, but the growing reliance on digital technologies makes this harder to do.

Here are just a few examples of prominent incidents over the past few years and the impact they had on the companies that experienced them:

  • Capital One agreed to pay $190 million to settle a class action lawsuit following a breach, which compromised roughly 140,000 Social Security numbers and 80,000 account numbers linked to credit card customers. The company paid an $80 million penalty to the Office of the Comptroller of the Currency for ‘failure to establish effective risk assessment processes prior to migrating significant information technology operations to the public cloud environment’ and for failing to fix deficiencies quickly.
  • The Marriott Hotels chain was fined £18.4 million by the UK’s data privacy watchdog for a data breach that may have affected up to 339 million guests. The breach occurred because a cyber attacker was able to roam the company’s system for years following an attack on the Starwood Hotels group in 2014. The Starwood Hotels group was acquired by Marriott two years later, but it wasn’t until 2018 that the problem was noticed.
  • Alibaba saw shares plunge following a data breach. With no password protection on a dashboard managing a database of customers, hackers obtained the personal information of more than 1 billion people in China.
  • The data belonging to around 60,000 organizations was compromised following a deluge of cyberattacks over two months which exploited zero-day vulnerabilities on Microsoft Exchange servers. After Microsoft issued a security patch, cyber attackers stepped up activities to exploit servers that hadn’t yet received it.
  • Equifax paid at least $575 million after it failed to fix a critical vulnerability months after a patch had been released and as a result, lost the personal and financial information of almost 150 million people.
  • Target paid an $18.5 million settlement for the data breach of the financial records relating to millions of customers – the attackers gained access to these financial systems through a third-party HVAC system.
  • 16,000 Cisco Team accounts were shut down for up to two weeks, costing the company around $1.4 million in employee time and over $1 million in customer refunds, when the company failed to remove access permissions of an ex-employee who accessed Cisco’s AWS-hosted system and deleted virtual machines.

Enterprise Cybersecurity is Growing in Complexity

While enterprises see opportunities in using technologies such as AI to enhance the way they work with customers, optimize supply chains, and bolster cybersecurity, cybercriminals are also taking advantage. They are using increasingly sophisticated social engineering techniques to aid their attacks, such as the one used to infiltrate MGM’s system this year.

Gartner suggests that by 2028, enterprise spend on battling the threat of GenAI will surpass $30 billion, which equates to around 10% of marketing and cybersecurity budgets. Because of the misinformation spread through GenAI, Gartner predicts that by 2027, 45% of Chief Information Security Officers’ (CISOs’) remits will expand beyond cybersecurity. However, as a new TechTarget report reveals, 66% of respondents believe that working as a cybersecurity professional has become more difficult over the past two years, raising concerns about their ability to manage the increased responsibility of their role.

81% of respondents to the TechTarget report cite increasing cybersecurity complexity and workload as the reasons their roles are becoming more difficult, with 59% pointing to an expanding attack surface as the reason for the increase in attacks. 71% of organizations said they’d been impacted by the cybersecurity skills shortage along with burnout and stress; 50% of security professionals said they would likely leave their current role.

The changing regulatory landscape was another reason cited for the growing complexity of cybersecurity. And it’s no surprise as some of the biggest cybersecurity-related fines have been handed out because of regulatory violations. Chinese company Didi Global, for example, was fined the equivalent of $1.2 billion for violating data security regulations. Amazon was fined the equivalent of $887 million for violating the EU’s GDPR rules on how to process personal data.

Showing Value Over Time

The TechTarget report says that CISOs must lead the charge, demonstrating clear leadership and communication skills and working with IT and other teams to devise a strategy that will allow the enterprise to counteract growing threats while bridging the skills gap. One way CIOs suggest looking at security spend is to align it with business goals and show how methods employed reduce costs over time. But there is a way to show how teams are maximizing the value of existing tool investments and using them to win the cybersecurity fight.

Traditionally this has been hard to do – teams have invested time and money in vendor and internally-developed solutions for monitoring, discovery, and more, as well as looking at their systems of record. But because these tools don’t interact, blind spots are created, which can only be removed via manual processes and a mountain of spreadsheets. The time it takes to manage all this means vulnerabilities can go undetected and cyber criminals have time to attack.

Identify and Remove Vulnerabilities Quickly

There is a way to stay off the cyber attacks hit list, and that’s to use a digital platform conductor (DPC). A DPC connects to all your relevant point solutions, systems of record, and other data repositories and tools to identify potential security issues – e.g., unpatched software, unprotected systems, incorrect or outdated security permissions – and resolve them quickly by leveraging automated workflows across your toolset.

ReadyWorks is a DPC. Find out how ReadyWorks rapidly integrates enterprise systems, aggregates data to identify vulnerabilities, and automates responses to mitigate these vulnerabilities. Stay off the cyber security data breach list with ReadyWorks.

Book a demo today.