As more businesses adopt hybrid work models and undergo rapid digital transformation to cope with the challenges of Covid-19, they are also exposing a larger attack surface and becoming more vulnerable to security breaches in 2022, industry experts warn.
It is no longer enough for organisations to assume they are safe by simply monitoring security tools and ensuring they are detecting malicious code, Harish Chib, vice president for Middle East and Africa at British security firm Sophos, told The National.
“Defenders must investigate alerts, even ones which in the past may have been insignificant, as these common intrusions have blossomed into the foothold necessary to take control of [the] entire networks,” said Mr Chib.
Global cyber-crime costs are expected to surge by nearly 15 per cent on a yearly basis over the next four years to reach $10.5 trillion annually by 2025, up from $3tn in 2015, according to the California researcher Cybersecurity Ventures.
Cyber-crime costs include the theft and destruction of data, stolen money, lost productivity, theft of intellectual property, theft of personal and financial data, fraud, post-attack interruption to the normal course of business, investigation costs, and the retrieval and deletion of compromised data and systems. This is in addition to the reputational harm caused to enterprises.
Continued investment in businesses’ “legacy mindset and traditional security set-ups” will not work, no matter how much budget is thrown their way, experts said.
“Organisations need to recognise that cyber resilience is not about preventing every attack, it’s about identifying and recovering from attacks before material damage is done,” said Ammar Enaya, regional director for Middle East, Turkey and North Africa at California-based company Vectra AI, which uses artificial intelligence to detect cyber attacks.
There is a wide gap between cyber security and businesses’ core operations, and security is still not seen as a set of business processes that need to be improved, Sam Curry, chief security officer of Boston-based security firm Cybereason, told The National.
“Detecting and responding to a breach are not about just buying products that you think will solve your security vulnerabilities … they are about having the right people, doing the right things and continuously improving on a daily basis. This is true about stopping ransomware, stopping supply chain attacks and managing risk correctly,” Mr Curry said.
The global cyber security market size is forecast to grow to $345.4 billion by 2026, a jump of more than 58.5 per cent from $217.9bn this year, according to Statista.
Cyber security is the practice of protecting computer information systems, hardware, networks and confidential data from cyber attacks. Increasing awareness of cyber threats has led to rising investment in cyber security infrastructure worldwide, industry experts said.
Regardless of how the cyber crime industry grows in the next few years, there are two primary attack vectors that make businesses more vulnerable to attacks, according to Morey Haber, chief security officer at US cyber security firm BeyondTrust.
“First, the lack of secure credential management including privileged credentials,” Mr Haber said. “This includes insecure passwords, reused passwords, shared credentials and the continued use of single factor authentication.
“Second is the poor patch management based on identifiable vulnerabilities that can cause remote exploitation by a threat actor.”
Cyber crime has risen globally amid a rise in remote working and a rapid increase in digital activity owing to the Covid-19 pandemic, according to IBM.
The average global cost of a data breach rose about 10 per cent year on year to $4.2 million, it said. The US continued to top the list, with average costs of $9m, up from $8.6m a year ago, followed by Saudi Arabia and the UAE at $6.9m. Canada ($5.4m), Germany ($4.9m) and Japan ($4.7m) complete the list.
In May, cyber criminals targeted the US company Colonial Pipeline, which ships about 2.5 million barrels of oil each day across the country. It had to pay a ransom of about 75 Bitcoins to regain control of its systems. However, US investigators have said they recovered about 63.7 Bitcoins.
In August, T-Mobile US said cyber attackers breached its computer networks and stole personal details of more than 40 million past, current and prospective customers.
US tech giants Microsoft and Google have committed to invest $20bn and $10bn, respectively, to fight cyber crime over the next five years.
The two companies announced pledges after their chief executives met US President Joe Biden in August and discussed measures to strengthen the country's cyber ecosystem.
“One of the greatest challenges to securely implementing digital transformation is not having enough resources [budget and manpower]. For this reason, our first recommendation is to outsource this aspect to a third-party cyber security firm,” Abed Samhuri, lead at the UAE-based Axon Cyber Institute, told The National.
“Experience has shown repeatedly that technology cannot meet the expectation unless operated by a team of skilled security specialists. The human intelligence is an essential component of a successful cyber defence programme. Technology can be a good preventive measure … but whatever slips through the technology would need the human to analyse, examine and hunt for otherwise hidden intrusions,” said Mr Samhuri.
Axon Cyber Institute – a part of Axon Technologies – is a dedicated cyber security institute offering courses and workshops in all fields.