The image of a hacker as some manchild in his mom’s basement is a thing of the past. Today’s criminals are smarter, savvier, and more professional than ever. How can you defend against them?
73% of Americans have at some point been a victim of cybercrime. 90% of U.S.-based businesses have experienced data breaches online, and have had their entire data centers brought down by ransomware. These numbers are concerning – but for anyone who’s been paying attention to the growing industry dedicated to digital crime, it’s really no surprise.
Fact is, there’s a lot of money in cybercrime. It’s a billion-dollar industry – and it grows larger and more successful with each device we bring online. To offer some context, the sum total of cash lost to hackers globally topped $450 billion in 2016 – more than the entire worldwide market for cocaine and heroin.
Cybercrime Is Attracting Professional Hackers
In other words, digital crime is serious business, and it’s attracting some serious professionals. Potentially state-sponsored hackers like Fancy Bear and Dragonfly. Criminal enterprises like Morpho. Even lone hackers equipped with botnets and hacking tools can accomplish some Hollywood-esque hacks.
“Gone are the hackers from 20 years ago, when the internet was still in its infancy – bored, suburban kids who enjoyed causing virtual mischief from their parents’ basements,” writes NBC’s Abigail Elise. “Today’s online criminals use sophisticated software, bots, viruses, Trojans and phishing techniques to infiltrate businesses and homes. Many of the attacks are automated, which means cyber thieves can access data even while they’re sleeping.”
Frightening, right? How do you defend yourself against this sort of thing? How can you ensure data integrity and business continuity in the face of a monolithic criminal enterprise with limitless time, resources, and malice?
The first step is education – both for yourself and your employees. You need to know how to recognize social engineering attacks like phishing scams and fraudulent phone calls. You need to know what apps and devices are secure, and which ones to avoid.
More importantly, you need to stay abreast of the latest global attacks, and never skip a single security patch – ransomware like WannaCry was, believe it or not, entirely preventable. All that would have been necessary for any of its victims to avoid being hacked was a simple security patch. And indeed, 90% of companies that are attacked are targeted through vulnerabilities as old as ten years.
Finally, you need to consider alternatives to traditional predictive, reactive security. Gartner advises adopting something called CARTA – continuous adaptive risk and trust assessment. This security and risk mindset essentially views security as something that’s constantly changing and evolving, and implements it with that in mind.
Hackers are smarter and better-resourced than ever, so we need to be smarter as well. The days when it was acceptable – if indeed it ever was – for a business to skimp on a security patch are well behind us. In the modern enterprise, if you aren’t paying attention, you’re going to get burned.
Editor’s Note:
From time to time, SensorsTechForum features guest articles, such as this post, by cybersecurity and infosec leaders and enthusiasts. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may not reflect those of SensorsTechForum.