Despite gains, cybersecurity remains critical.
By Michael Scheibach, Contributing Editor
Some 12 billion records are expected to be compromised globally by cybercriminals this year. That’s a pretty incredible number. Now try this: In 2023, just five years away, more than 33 billion records will be stolen — an increase of 175 percent. As if that’s not bad enough, more than 50 percent of data breaches in 2023 will occur in the United States. The reason? Consumer and corporate data are maintained by a wide range of institutions with disparate safeguards and regulations, making it easier for cybercriminals to exploit systemic weaknesses. So says Juniper Research in its new report, “The Future of Cybercrime & Security.”
Adding to these findings is Cybersecurity Ventures, a cyber-intelligence firm that predicts that cybercrime will cost $6 trillion globally by 2021. According to the firm, much of this cost will be the cyber-protection of 300 billion passwords that will exist despite the promises of biometrics. Plus, each year some 100 billion lines of new software code introduce untold vulnerabilities that can be exploited by cybercriminals.
Compounding the issue even more is the evolution of cybercrime attacks. According to Juniper Research, four critical trends are raising the stakes in the battle against cybercrime:
- Peak ransomware — Ransomware is evolving from requesting money to restore data to monetized device capture that does not require the actions of an end user.
- Malvertising — This relatively new threat uses fake advertising companies to host malware-ridden ads. These ads contain an array of forced redirects that then deploy the actual malware. Malvertising can also function as a vector for the deployment of cryptojacking malware.
- Fileless and userless malware — This form of malware refers to attacks aimed at PowerShell, WMI (Windows Management Instrumentation), WCE (Windows Credentials Editor) and GPO (Group Policy Objects). Says Juniper Research: “These tools are generally used to manage networks, so their interaction with endpoints is expected. It is also generally not done at the initiation of the endpoint user either, as they perform scheduled maintenance.”
With the future rather daunting when it comes to protecting against data breaches, financial institutions have a real challenge. “Economic Impact of Cybercrime: No Slowing Down,” a report issued by the security software company McAfee, points out that banks remain the favorite target of skilled cybercriminals, adding the obvious: “Cybercrime imposes a heavy cost on financial institutions as they struggle to combat fraud and outright theft.”
As these various reports confirm, banks must continue to fight back against cybercriminals, but the fight will continually require more resources and more effective measures. Although many banks may already be following these procedures, Reuven Harrison, CTO and co-founder of security company Tufin (www.tufin.com), recommends three steps for banks to take.
First, banks need to respond as if their network has already been breached. “When done correctly,” Harrison says, “network segmentation, achieved through the creation of network zones, limits the ability for a hacker to move laterally across a compromised network.” Next, banks must implement an enterprise-wide security policy. And finally, banks must enforce their security policy. Banks need to constantly monitor their networks for changes to configurations and ensure that these changes are approved and compliant with policy.
“Going beyond the basics,” Harrison says, “empowers employees with knowledge about the latest threats and common tricks used by cybercriminals. If employees have some knowledge of the threat landscape, combined with a firm grasp on best practices, there will be greater adoption of those best practices.”