Cyber crimes may target absolutely any person or organization that uses Internet. The only perfect solution to avoid an attack by a cyber criminal is to simply switch off your computer. However, both progressive business environments and modern lifestyles require a permanent presence on the web from organizations and individuals, and users have to increase their cyber security awareness, and this is where the Cybersecurity Landscape data will be helpful.
To give you the comprehensive picture of the cybersecurity world, we created simple but meaningful pictures followed by our security experts’ comments. We covered the cybersecurity landscape including the most high-profile cyber crime statistics: number of attacks, crime targets, cybersecurity spendings, and cyber risk management.
Table of Contents
1. Cyber Crime Statistics
The increasing number of attacks and its constant tendency to grow is mostly explained by the following factors:
- The growing black market for cyber attack tools makes them widely available for a comparatively low price (about $100 – 300 for a framework).
- As technology advances, the global society becomes digitized and people use Internet and mobile devices more frequently.
- Companies of all sizes (from small to medium sized businesses to huge corporations) generally utilize a relatively low level of security measures.
- The Internet of Things devices create a rapidly growing network of connected objects that frequently were manufactured without taking the security issues into consideration; so additional data protection or encryption can not be implemented.
Medical and business organizations suffer several times as many breaches as other industries because of these three reasons:
- On average, companies from financial, government and educational sectors hold sufficiently more secure corporate security architecture than organizations from a medical or business sector.
- Medical and business spheres differ from others by having a tremendous number of companies, especially those of small and medium size.
- Medical organizations store individuals’ SPI (sensitive personal information) that is of a great value for cyber criminals; this is why medical organizations have recently become the main target of ransomware attacks.
2. Cyber Crime Targets
Who are the actors?
- Hactivists – might use computer network exploitation to advance political or social causes.
- Individuals and sophisticated criminal enterprises – steal personal information and extort victims for financial gain.
- Insider threat actors – typically steal proprietary information from private companies.
- Espionage nation-state actors – might conduct computer intrusions to steal sensitive state secrets and proprietary information from private companies.
- Terrorist groups – might seek to sabotage the computer systems that operate the critical infrastructure.
- Militaristic nation-state actors – might attempt to sabotage military and critical infrastructure systems to gain an advantage in the event of conflict.
3. Spending on Cyber Security
Why is the cybersecurity market expanding so rapidly?
- Cybercrime is a profitable business, with the global cybercrime market generating a higher turnover (about $0,45 – 1 trillion) than that of drugs and stolen cars.
- A darknet and cryptocurrency guarantee criminals’ anonymity complicating the police investigations and decreasing the effectiveness of cyber countermeasures.
Cyber Crime Impact?
- For high-frequency traders, a cyber event could render your data / systems inoperable for an extended period of time thus preventing trading activity.
- For those invested in health funds, a data breach could significantly impact the value of your holdings.
- For any investment, internal data could be breached or held ransom thus impacting most business operations.
4. Cyber Risk Management
It’s important to recognize that what is commonly called cybersecurity is really cyber risk management.
When an organization narrowly focuses on cybersecurity it oftentimes mistakenly considers it to be a technological responsibility. Cyber Risk Management is a business responsibility. A holistic approach shows that your cybersecurity strategy needs to align with your business strategy. A holistic approach recognizes that people, and thus culture, is an important element. It also recognizes that your industry is a driver of your threats. Finally, a holistic approach understands that managing risk has a cost and must be funded.
Cybersecurity needs to be managed consistently with other risk disciplines. Negative events are inevitable – that’s why it’s important to have in place controls to minimize the negative events, processes to quickly recognize they have occurred and a plan to manage their impact and recover from them.
Effectively managing cybersecurity risk requires an organization to incorporate all the appropriate elements, including some not typically included in most cybersecurity discussions.