Cyber Threats: Rise In Prevalence, Rise In Costs

Threat Surfaces Are Expanding

The proliferation of devices requesting access to the network, driven largely by the adoption of BYOD policies and utilization of IoT devices, has forced network security teams to be more diligent about setting and enforcing effective access control policies. Despite best efforts, attempts to address this evolving problem are akin to putting a finger in the dike – rogue devices inevitably slip through the cracks, leaving corporate networks vulnerable to ransomware and countless other cyber threats.

What’s more, network complexity complicates the issue. Today, networks consist of an ever-increasing number of WANs, LANs, VLANS, SD-WANs, MPLS, VPNs, employees’ homes, coffee shops, hotels, airports – wherever authorized devices can connect to gain access to company resources. As if the industry needed another acronym – some are calling it Bring Your Own Network (BYON). Regardless of how we define the trend, access to everything (from everywhere) has changed the security dynamic.

The impact on corporate bottom lines is tangible. The risks and costs associated with network breaches are growing larger by the year. It seems as if every day a new Fortune 500 company is reporting a costly cyberattack. Data breaches from January through September 30, 2021 (9 months), exceeded the total number of events in the entire year of 2020 by 17% (1,291 breaches in 2021 compared to 1,108 breaches in 2020). Adding to the challenge, threat actors are becoming more sophisticated and prevalent, leaving organizations on their heels fighting to catch-up.

A New Age of Cyber Threats

Cyber threats have become alarmingly prevalent, with malware increasing 358% overall and ransomware increasing 435% in 2021 compared with 2019. All threats, from phishing to attacks on Internet of Things (IoT) devices and supply-chains, have grown exponentially. Attacks on IoT devices tripled in the first half of 2019 and supply chain attacks were up 78%.

Costs have escalated in tandem. The average ransomware payment rose 33% in 2020 over 2019, to $111,605. The total cost of cybercrime for each company increased 12% from $11.7 million in 2017 to $13.0 million in 2018. Data breaches cost enterprises an average of $3.92 million annually.

In an attempt to mitigate these costly risks, many companies have opted to deploy niche solutions and tools such as network and host intrusion detection, various threat intelligence feeds, and mobile device management. While useful in isolation, these disparate tools (e.g., Network Performance Management, SIEM, XDR, SOAR, etc.) create many different panes of glass, leaving gaps in network security and complicating IT infrastructures.  All this means extra work for already thinly-stretched IT teams. In this sense, less really is more.

Essential Areas of Cybersecurity

The cybersecurity software market is oversaturated with tools that have been designed for very siloed tasks. Many of these have been developed in direct response to new threats, and require a certain focus and sophistication that doesn’t lend itself to the average IT professional’s chaotic daily life. Instead, companies need to develop a simple, yet solid security foundation that consists of three essentials:

1. Firewalls to monitor incoming and outgoing network traffic
2. Network access control to enforce access policies, assess connected device risk and remediate non-compliant devices
3. Endpoint protection like antivirus to prevent, scan, detect and eliminate malware and other viruses from devices