Two trends in particular are driving the new evolution of cyber security for businesses.
First, the increasing digitalization of processes and businesses is happening at a breakneck pace. A cyber-security incident isn’t just something that causes extra hours in a company’s IT department. IT powers business engines along the whole value chain, and a single incident can bring operations to a dead stop, and even threaten the existence of a company
Secondly, the threats are growing, both in number and sophistication. 2014 was the 8th year in a row that the amount of detected malware doubled, resulting in an average of 81 attacks per minute. The number of malware is expected to have doubled again in 2015 when the reports are available. At the same time, recent years have seen malware reach a new level of sophistication. One of the reasons this is happening is due to the emergence of nation states as cyber attackers.
They put tremendous resources into finding and exploiting weaknesses in the cyber defenses of both individuals and corporations. The development of the Duqu 2.0 malware that was used to compromise a security vendor (in addition to other targets) is estimated to have cost up to 10 million dollars.
And because criminals often repurpose exploits from nation-state attacks, businesses need to consider how this trend increases the overall sophistication of online threats. Considering that cyber incidents are costly, and that the threats are more numerous and sophisticated than ever before, it’s clear that cyber security needs more attention than annually renewing an endpoint security solution. Cyber security needs to be on every company’s agenda.
Always remember the four basics;
- PREDICT: Know your risks, understand your attack surface, and identify weak spots.
- PREVENT: Minimize attack surface and harden it, hence reduce risk of incidents.
- DETECT: Recognize incidents and threats, isolate and contain them.
- RESPOND: React to breaches, mitigate the damage, analyze, learn and implement.
Ref: Jens Thonke2016