Is Your Organization Prepared for a Cybersecurity Breach?

April 11, 2022
The bad actors aren’t going away. Here’s why your company’s digital strategy must be backed by a robust and unified cybersecurity approach.

The practice of protecting systems, networks and programs from digital attacks, cybersecurity has long been a concern for governments, organizations and individuals—all of which can at any point find themselves prone to potential threats.

According to Cisco, these cyberattacks are usually aimed at accessing, changing or destroying sensitive information; extorting money from users; or interrupting normal business processes.

“Implementing effective cybersecurity measures is particularly challenging today because there are more devices than people, and attackers are becoming more innovative,” the company points out.

High-Profile Cases

A number of very high-profile cybercrimes that have taken place since the pandemic emerged have pushed companies to rethink how they approach and manage cybersecurity. In 2021 alone, Microsoft, Facebook, Colonial Pipeline, JBS and Kaseya were all in some way impacted by “bad actors” attempting to infiltrate their systems for one reason or another.

According to TechRepublic, the number of encrypted threats spiked by 167% (to 10.4 million attacks) in 2021; ransomware rose by 105% to 623.3 million attacks; cryptojacking (i.e., the unauthorized use of people’s devices [computers, smartphones, tablets or even servers] by cybercriminals to mine for cryptocurrency) rose by 19% (97.1 million attacks); intrusion attempts rose by 11% (5.3 trillion attacks); and Internet of Things (IoT) malware rose by 6% to 60.1 million attacks.

These attacks are expensive for the victimized companies and/or individuals. According to IBM, the average cost of a data breach rose to $4.24 million in 2021, up from $3.86 million the previous year. “Attacks on networks rose to a fever pitch in 2021,” SonicWall’s Dmitriy Ayrapetov told TechRepublic. “Ransomware, cryptojacking, vulnerability exploitation, phishing and other attacks continue to plague organizations around the world and overwhelm security teams.”

The problems have continued in 2022 and have even been exacerbated by global issues like the Russia-Ukraine crisis. “Cybercrime has become a big business—professionalized, specialized and increasingly personalized,” the Washington Post reports. “Sophisticated criminal networks are taking their cues from intelligence services and militaries, and certain governments are looking the other way while criminals attack companies from afar.”

Key Trends to Watch

According to a new Gartner report on the top security and risk management trends for 2022, organizations worldwide are facing sophisticated ransomware attacks on the digital supply chain and deeply embedded vulnerabilities. The pandemic accelerated hybrid work and the shift to the cloud, it says, challenging CISOs to secure an increasingly distributed enterprise—all while dealing with a shortage of skilled security staff. Here are some of the top trends that Gartner highlights in its report:

  • Increased exposure means higher risks. Risks associated with the use of cyber-physical systems and IoT, open-source code, cloud applications, complex digital supply chains, social media and more have brought organizations’ exposed surfaces outside of a set of controllable assets. 
  • There’s more than one way to attack a supply chain. Cybercriminals have discovered that attacks on the digital supply chain can provide a high return on investment. As vulnerabilities such as Log4j spread through the supply chain, more threats are expected to emerge. In fact, Gartner predicts that by 2025, 45% of organizations worldwide will have experienced attacks on their software supply chains—a three-fold increase from 2021.
  • Human error continues to be a factor in many data breaches. This proves that many of the “traditional” approaches to security awareness training are ineffective. “Progressive organizations are investing in holistic security behavior and culture programs (SBCPs), rather than outdated compliance-centric security awareness campaigns,” Gartner says. “An SBCP focuses on fostering new ways of thinking and embedding new behavior with the intent to provoke more secure ways of working across the organization.”

Uncle Sam Steps in

In a March briefing, the White House urged Americans to “act now to protect against potential cyberattacks,” and told companies to mandate the use of multifactor authentication on their systems to make it harder for attackers to get onto those systems. The White House also tells companies to use modern security tools on computers and devices that can continuously look for and mitigate threats; back up data and use offline backups that are beyond the reach of malicious actors; and run emergency plans to ensure fast response times, should something happen.

By making these and other recommendations, the White House hopes to raise awareness of companies’ responsibilities when it comes to identifying and thwarting cybercrime. “The US government will continue our efforts to provide resources and tools to the private sector, including via CISA’s Shields-Up campaign and we will do everything in our power to defend the nation and respond to cyberattacks,” it says.

“But the reality is that much of the nation’s critical infrastructure is owned and operated by the private sector and the private sector must act to protect the critical services on which all Americans rely.”

About the Author

Bridget McCrea | Contributing Writer | Supply Chain Connect

Bridget McCrea is a freelance writer who covers business and technology for various publications.