Well, last night I was working on a proposal for a new book on Cybersecurity.  I am currently writing one right now on Web Application Security, with three co-authors.  The new book I am pitching is about the use of Artificial Intelligence (AI) in Cybersecurity.

Right now, that is the big buzzword, but there is a lot of substance behind it.  From the research that I have done, it seems that Corporate America is fascinated with this new concept as a way to beef up its lines of defense, but people are still warming up to its potential benefits.

I will say more about it when the book proposal hopefully gets accepted and I sign a contract.  But in the meantime, I had a great podcast yesterday, and we have quite a few more coming down the road.  One of the key questions that I ask of all my guests is what they think the #1 Cyberthreat will be for the remainder of this year, and even going into 2020.

Of course, the answers vary to some degree, but the main consensus remains that it will be Phishing. 

True, this is probably the oldest form of Cyberattack that can happen, and in fact, the first true Phishing attack occurred in the late 90’s (during the time of the .com craze), when AOL was impacted.  But many variants have come out of it, and they still haunt us to this day.

In fact, it has come to the point now where, at first glance, we cannot even tell the difference between a legitimate website and a spoofed one.  Because of this, my guest even said yesterday that Corporate America will be ramping up its spend in order to combat this menace known as Phishing.

In fact, this prediction is underscored by a recent market research study entitled the “Cyber Incident & Breach Trends Report”, launched by the Online Trust Alliance. 

In their study, they calculated the total loss that Corporate America faced in 2018 because of Cyberattacks.  Here is what they found:

*There was a staggering $45 Billion in losses;

*The financial impact from Phishing attacks has been the worst ever.  For example, Business Email Compromise (also known as a “BEC”) is a very sophisticated variant of Phishing.  This type of attack cost many businesses and corporations over $1.3 Billion in 2018 alone, and since then it has increased by 60%.

*Credential stuffing is also on the rise.  This is yet another variant of Phishing, where the Cyberattacker attempts to use the login credentials gained from a Phishing attack to access other websites that the victims may also be using.  Just in 2018, over 2.2 Billion stolen credentials were used to launch credential stuffing attacks.
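Credential stuffing has a recognizable shape in a site's own login logs: one source tries many different usernames, most of them failing, in a short window, which is the opposite of a brute-force attack that hammers a single account.  The following detection script is an added example (not from the report or from the post above); the log format, the sample lines and the thresholds are all constructed assumptions.

```python
"""Flag credential-stuffing sources in constructed web-login logs.

Stolen username/password pairs (e.g. harvested by phishing) get replayed
against a second site, so the tell-tale signal is ONE source IP trying MANY
DISTINCT usernames with a low success rate inside a short time window.
"""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample lines: "<ISO timestamp> <src_ip> <username> <OK|FAIL>"
SAMPLE_LOG = """\
2019-07-01T10:00:01 203.0.113.7 alice FAIL
2019-07-01T10:00:02 203.0.113.7 bob FAIL
2019-07-01T10:00:02 203.0.113.7 carol FAIL
2019-07-01T10:00:03 203.0.113.7 dave OK
2019-07-01T10:00:04 203.0.113.7 erin FAIL
2019-07-01T10:00:05 203.0.113.7 frank FAIL
2019-07-01T10:00:40 198.51.100.9 alice FAIL
2019-07-01T10:00:55 198.51.100.9 alice FAIL
2019-07-01T10:01:10 198.51.100.9 alice OK
2019-07-01T10:05:00 192.0.2.20 grace OK
"""

def parse_log(text):
    """Turn each log line into (timestamp, src_ip, username, succeeded)."""
    events = []
    for line in text.splitlines():
        ts, ip, user, result = line.split()
        events.append((datetime.fromisoformat(ts), ip, user, result == "OK"))
    return events

def find_stuffing_sources(events, window=timedelta(minutes=5),
                          min_users=5, max_success_rate=0.5):
    """Return {src_ip: (distinct_users, success_rate)} for every source that
    tried at least `min_users` distinct usernames within `window` while its
    success rate stayed at or below `max_success_rate`."""
    by_ip = defaultdict(list)
    for ts, ip, user, ok in events:
        by_ip[ip].append((ts, user, ok))
    flagged = {}
    for ip, rows in by_ip.items():
        rows.sort()                      # sliding window needs time order
        start = 0
        for end in range(len(rows)):
            while rows[end][0] - rows[start][0] > window:
                start += 1
            chunk = rows[start:end + 1]
            users = {u for _, u, _ in chunk}
            rate = sum(ok for _, _, ok in chunk) / len(chunk)
            if len(users) >= min_users and rate <= max_success_rate:
                if len(users) > flagged.get(ip, (0, 1.0))[0]:
                    flagged[ip] = (len(users), rate)   # keep widest window
    return flagged
```

The single-account source (198.51.100.9) is deliberately not flagged: that pattern belongs to a per-account lockout rule, not to this detector.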

To see more details in this report, click on the link below:

To further reflect upon these findings, there was also another survey conducted, entitled the “2019 Hiscox Cyber Readiness Report”.  This research discovered the following:

*The average cost for a business in Corporate America as a result of a Cyberattack ranged anywhere from $229,000 to $369,000 per incident.  This only multiplies further if the same organization is hit again repeatedly.  This is an increase of 18X.

*SMBs have reported a 14% increase in the level of Cyberattacks since 2018, and the larger organizations have reported an increase of 27% as well.

*Because of this increase, many businesses and corporations are now increasing their spend on Cybersecurity to unprecedented levels.  For example, the average spending on Cybersecurity is now $1.45 Million, and the pace of spending is rising quickly.  The total amount spent thus far by the 5,400 firms polled in this survey comes to a staggering $7.9 billion.

*Over 60% of the respondents report that they plan to increase their budgets and spending on Cybersecurity by at least 5% (if not more) for the rest of 2019 and going into 2020.

To see more details in this report, click on the link below:


My Thoughts on This

Well, there is no doubt in my mind that there will always be a rise in the number of Cyberattacks – this statistic will not change for a very, very long time to come.  In return, the knee-jerk reaction of Corporate America is to spend more money on Cybersecurity.  The thinking here is that if you spend more, then your organization will be better protected.  But keep in mind, this is only a perceived level of protection.

Remember, simply spending more money does not mean that you will have a better line of defense!!!  For example, suppose Company XYZ has just received an increase in the amount that it can spend on Cybersecurity.  The natural tendency of the CIO or CISO in this case would be to simply procure more Firewalls and Routers and deploy them all over, in the hope that their IT Infrastructure will be much better protected.  But this is backwards thinking.

In fact, the more hardware you deploy, the more your attack surface increases: every new device is another system that must be configured, patched and monitored.  For instance, rather than just hacking into 2 Firewalls, the Cyberattacker can now hack into 10 Firewalls, and cause even more damage and havoc.  So, what should a company do?

This is a topic that I have touched on before.  Company XYZ should instead spend its increased budget on conducting Penetration Tests and Threat Hunting exercises to see where the true vulnerabilities and weaknesses lie in its IT Infrastructure.  Once this has been done, it is then possible to determine where the Firewalls and Routers should be strategically placed in order to provide maximum protection to the organization.

So really, just having 2 Firewalls placed at the most crucial points in the IT Infrastructure will probably provide far more effective protection than simply throwing in 10 Firewalls in a haphazard fashion, and it will not increase the attack surface.  In other words, this is taking a much more “surgical approach” rather than a “shot in the dark approach”.

The CIO and/or the CISO now need to embrace and take on this kind of approach.  Keep in mind, whenever the economy sours, IT budgets are amongst the first to be thrown out of the window.  Therefore, it is very important that you conserve your budget as much as possible, but spend it in the most strategic way possible.

So far, despite all the chaos that is happening in DC and the trade war with China, the United States still has a booming economy.  In fact, according to many economists, this is the longest period of economic growth we have had since World War II.  But it can’t last forever.