It seems like every week we hear of another significant cybersecurity breach somewhere in the country. Everyone from corporations to public utilities and even retail banking customers are constantly targeted. Costs of these attacks routinely run into the billions of dollars year after year.
As bad as the problem is, it has been getting significantly worse and is expected to continue to get worse in the near future. Cybersecurity professionals are already in high demand, and the demand is likely to grow by over 50% in the next four years.
Cybercrime is Costly
One reason why the cybersecurity industry is growing so rapidly is that the costs associated with a cyber attack are so high, and the likelihood of a successful attack if a company cuts corners on cybersecurity spending are also so high that they simply cannot be ignored.
Cybercrime is increasing because criminals can easily make money and rarely get caught. According to the McAfee Group all of these security breaches lead to monetary costs of almost one trillion per year, or 1% of global gross domestic product (GDP).
There are numerous nonmonetary costs as well, such as the opportunity costs when a service cannot be rendered or a product manufactured or delivered when a system is down due to an attack. Businesses also run much less efficiently when systems are down and employees cannot communicate effectively or run their daily operations.
Perhaps the most significant non monetary cost is the damage that cyber attacks cause to the brand’s reputation and loss of trust. A recent Mckinsey Study found that 87% of consumers would cease to do business with an organization that was perceived to have an outdated cybersecurity system where an attack was likely to occur. Institutions simply cannot afford to be without robust, and expensive, cybersecurity systems and professionals.
Cybercriminals Have so Many Points of Entry
Automation and the Internet of Things (IoT) have given cyber criminals a myriad of opportunities to exploit vulnerabilities in an institution’s systems. Every device on the IoT has code that can be exploited by hackers.
Take a home security system for example. In the past, a hacker may only have had one way to breach the system, hacking into the main point of control. Now with the Internet of Things, every door, window, light switch, and even the thermostat is controlled by its own sensor.
In addition, every household member will have the security system’s app installed on their smartphone. Each one of these devices is an opportunity to gain entry into the system, and a hacker needs to only find one point of entry to gain control of the whole system.
Automation is another opportunity for cybercriminals to exploit a system. A business’s marketing team may have several services bundled together and all communicating with each other automatically. For example, a company’s blog may be integrated with its social media accounts to automatically post or tweet out recent blog entries. A hacker needs to only successfully get into one account to potentially gain access to them all. Businesses need to constantly be upgrading their cybersecurity protocols as automation increases.
Our Data Needs are Growing
More and more companies are switching to cloud storage, which makes operations less expensive and more efficient, but also adds another potential entry point for hackers. Typically the best way to make a robust system immune from cyber attacks is to maintain strict control of all of your data and transactions. Cloud computing and data storage by definition means trusting your data to a third party vendor, which adds a layer of risk to any system.
Even if the third party has a solid security system with proper protocols in place, the chances of an attack are never zero, but more importantly, attacks on a cloud storage site are usually extra devastating because they may contain all or at least huge amounts of data.
Even outside of the cloud, our data needs are growing, giving hackers another chance to exploit a system, and increasing the likelihood that any breach will be severe. Companies generally keep very detailed records on everything from individual customer behavior to multilayered vertically integrated supply chains.
Hackers are Getting Smarter
Hackers are always getting smarter and looking for new ways to exploit a vulnerability. As lucrative as cybercrime is, criminals are heavily incentivized to always improve their skills just as much as cybersecurity professionals are looking to improve theirs. In addition, many are now backed by state actors giving them large budgets to work with. We have seen several cases in the last few years of very serious and costly data breaches traced back to governments of North Korea and Russia, and there are certainly many more at work as well.
The popularity of Remote Work
The pandemic ushered in a new age of remote work and work from due out of necessity, but as the pandemic is winding down, remote work seems here to stay. Employees have made it clear that they are reluctant to return to the office, at least five days a week, due to quality of life issues. Businesses will struggle to retain top talent without lenient work from home policies.
While work from home offers benefits, it opens up many more doors for hackers to obtain entry into a company’s systems. Employees now use their laptops, smartphones, and tablets much more frequently than ever, and often on public wifi systems. Firewalls and VPNs of course help but many are outdated. All of this leads to an ever growing need for cyber security professionals.
Increased Risk of Social Engineering
As more people continue to spend more and more time online and use more and more services, opportunities for criminals to exploit a weakness will grow along with them. Most retail users use more than one smart device and must keep track of dozens of passwords. In addition, each user has many accounts with different entities that store their personal information.
Each vulnerability can be exploited to gain more and more information about a particular user, which gives a criminal an opportunity to use social engineering to carry out a crime. Phishing attacks and similar online scams, for example, bilk customers out of millions of dollars of assets a year.
It’s Almost Impossible to Catch Cybercriminals
Cybercriminals are rarely held accountable for their crimes. This lack of accountability makes cybercrime a low risk, high reward enterprise to engage in, especially for criminals in far flung corners of the world. Often, hacks in the United States are carried out by hackers on other continents who have virtually no chance of getting caught, or paying any consequences if they are caught.
As outlined in the Hidden Costs of Cybercrime report by McAfee, most cyber attacks originate from outside of the United States, in countries such as China and Russia. It is reported that many African and Eastern European countries also frequently participate in these attacks too. Law enforcement in the United States has very little chance of identifying the criminal, to begin with, but even if they can be identified, they typically will not have any jurisdiction over them anyway.
Furthermore, criminals go to great lengths to hide their identities. They often use VPNs and proxies to hide even their country of origin. Granted, the vendor hosting the proxy or VPN will have access to that information, but are usually unlikely to share it unless compelled by a court order, which is often hard to get when they are hosted in a country that is possibly complicit in carrying out the attacks anyways.
Another reason that it is increasingly difficult to catch cybercriminals is the lack of reporting of their crimes. Many entities are reluctant to share that they have been hacked due to damage to their reputation.
Finally, cryptocurrency is being effectively used by criminals to stay anonymous. Criminals demand a ransom to be paid in Bitcoin or other cryptocurrencies which adds another layer of anonymity. In the past, it was often difficult for criminals to demand ransom for their stolen data because the funds could easily be traced or frozen by law enforcement. Cryptocurrency, while not always completely anonymous, does at the very least add another layer of complexity to law enforcement officials trying to track them down.
As a result, the deck is stacked in the favor of the cybercriminals as they are able to use effective ways to demand randoms via cryptocurrency. The world is increasingly shifting to a world where everyone’s data is stored on a cloud system giving hackers multiple ways to exploit a system with little chance of getting caught and the potential for a large payoff.
With attacks rising, the payoffs for criminals increasing, and the chances of getting caught almost zero in many cases, the need for cybersecurity professionals are more in demand than ever and institutions’ needs for larger and larger cybersecurity budgets are always increasing.
The need for cybersecurity will continue to grow for the foreseeable future due to both the growing number of vulnerabilities available to hackers and the growing costs associated with each individual successful attack. The likelihood of an attack and the increasing severity simply cannot be ignored.
Sources:
https://www.statista.com/statistics/595182/worldwide-security-as-a-service-market-size/
https://www.mcafee.com/enterprise/en-us/assets/reports/rp-hidden-costs-of-cybercrime.pdf
https://usa.kaspersky.com/resource-center/definitions/what-is-cloud-security
https://www.studyinternational.com/news/cybersecurity-career-in-demand/
https://blog.tmb.co.uk/why-is-it-so-hard-to-catch-cyber-criminals