Ntirety CEO Emil Sayegh gives insights into the trends, myths and threats of the cybersecurity landscape.
Over the years, leaders, pundits, and analysts have all predicted that healthcare, financial, educational institutions, and even governments will face a sustained challenge from cyber-threats. According to a recent Gartner’s Emerging Risks Monitor Report, the threat of “new ransomware models” was the top concern facing executives. That is the new reality of the world we live in today – threats, schemes, identity stealing, ransomware, and more. Over the years, IT leaders have sporadically strived to overcome and mitigate these threats – some with a range of timid successes and some dismal public failures. Unfortunately for all, the threats are about to get much worse.
Unfolding Series of Cyber Events
A marked surge in cybercrime occurred about two years ago at the onset of the pandemic. Opportunists seized on the shift of office work to remote environments. From human exploitation to technical mischief, an emerging surge of attacks followed during the extremely challenging times of the COVID-19 pandemic. That surge has not let up since.
Further, when the Russia-Ukraine conflict emerged on the world scene, the open fact was that cyber warfare would immediately accompany the kinetic war efforts. Global economic sanctions started to roll in and reports from the cybersecurity sphere showed that both sides engaged in heightened cyberwarfare activities. In the buildup to the conflict, we witnessed an 800% increase in cyber activity driven by the Russia-Ukraine conflict. Both targeted and global, the sources of these activities have been traced back to sources organized by respective governments and third-party groups.
Now, global economic challenges are all around us, threatening to get worse, creating a broad impact on our economies, and us individually. One of the elements that does not get enough headlines is the secret world of cybercriminal activity. For many, the motivation for cybercrime follows logic – there are undeniable economic incentives. However, what they may not realize is that there is a clear existential motivator that drives everyday, seemingly normal people, to resort to cybercrime when faced with economic challenges.
Industry Response
A further sign of a bleak future, organizations continue to struggle to fill vacant cybersecurity roles – a pattern that has been in place for several years. Finding, training, and retaining needed talent has been a massive mission in the face of the “Great Resignation” of 2021. Companies have responded as best they can, but the dire hiring circumstances continue. To mute the underlying shortage, one of the silver linings has been the introduction of more automated tools into the respective security stacks that leverage artificial intelligence (AI) and machine learning (ML).
To understand the dangers further, we must also consider the alarming element of cloud adoption and growth that invariably comes before the availability of proper security, privacy, and compliance controls. Despite best efforts and under the pressures of escalating cyber threats, this misstep happens throughout the industry. It is under these circumstances that organizations find themselves with blind spots in their applications and infrastructure, with more questions than answers when it comes to overall security posture.
Others have turned to cyber insurance to cure their woes. This is understandable and, in many ways, necessary in the face of significant threats such as ransomware, phishing, and financially impacting cyber events. However, the cyber insurance industry has also rapidly changed for a variety of reasons. A recent trend of massive ransom reimbursements along with a clear and rising threat index has forced insurers to implement much-increased premiums, as well as higher requirements of security measures to their clients as a pre-requisite of insurability.
It is not unheard of for cybersecurity claims to take months to settle and even then, only after extended legal interventions have taken place. In other words, reliance on cyber insurance in place of true cybersecurity measures is a recipe for disaster. With a focus on compliance, claims, and overall premiums, cyber insurance policies are getting canceled in droves, and premiums are getting hiked (just like everything else).
Today, risky strategies and responses abound because of the complexity of modern cybersecurity, an over-reliance on cyber insurance, and other more human factors such as staffing, analyst burnout, attrition, and insider threats.
Existential Threats
The U.S. National Cyber Security Alliance found that 60 percent of small companies are unable to sustain their businesses over six months after a cyber-attack. Think about all of this. It shouldn’t be a surprise and perhaps it needs the light of inevitable truth. Some companies are going to die – due to cyber threats. For some, the threats are too great, the risks are beyond what they can reasonably assume, and compounded with financial pressures from a receding economy, some companies like Code Spaces, Telefonica, FlexiSpy, Medstar Health, and Lincoln College will face their final breaking point and shut down. With more freelance cybercrime ahead, the signal, and the noise are trending toward new chaos.
The fortunate few will have maintained integrity thanks to sound security partner strategies, supported by technologies that deliver the sort of cybersecurity posture that is required in the business environment. Most organizations cannot build the type of dedicated, around-the-clock security operations that can manage and ensure all the tenets of a cybersecurity program. Fiscal challenges, time-to-market, and the cybersecurity talent gap are significant obstacles to doing so.
By mitigating risks and building a stronger posture, the role of the cybersecurity and compliance partner is essential to business health. With a litany of emerging threat conditions and rapid evolution of threat technologies at the gates, comprehensive security offers the path through this upcoming wave of challenges, detecting threats, orchestrating response, and assuring that operations above all else are maintained.
This article was originally published in Forbes, please follow me on LinkedIn.