In 2021, the number of nearly every kind of cyber threat increased. Ransomware threats grew 105% to 623.3 million — that’s 20 attempts per second.1
There were also sharp spikes in encrypted threats, cryptojacking, vulnerability exploitation and phishing. According to the Identity Theft Resource Center, there were more data breaches than any other year2 and the average cost of a data breach jumped from $3.86 million to $4.24 million — the highest in the last 17 years.3
The Usual Suspects: Ransomware, Social Engineering and Insider Threat
The World Economic Forum found that ransomware, social engineering and insider threats are the biggest cyber threats to organizations today.4
Ransomware attacks on Colonial Pipeline, JBS Foods and the Washington DC Police Department prove it’s not just a growing threat to companies but also public safety.
Social engineering attacks — which manipulate people — are also getting savvier. Incidents of phishing, spear-phishing and whaling have all increased. Cybercriminals are getting better at exploiting people to give up secure information, share passwords or help solve a pretend problem to gain access to company systems.
While insider threats could stem from either malicious intent or unwitting help from employees, 62% occur due to human error, negligence and lack of knowledge.2
Small- and Medium-Sized Businesses Are the Chink in the Armor
The World Economic Forum research found that SMBs are the weakest link in the business ecosystem. Often these businesses don’t have the cybersecurity strength or resiliency to defend against crafty and malicious cyber attacks.
That’s why cybercriminals use them as the stepping stone to access bigger targets. About 88% of businesses perceive SMBs as a “critical threat to supply chains, partner networks and systems.”4
As businesses continue to decentralize and work becomes distributed, small- and medium-size businesses have to prioritize cybersecurity as a part of their business strategy.
How to Make Your Company Cyber Secure
Thanks to increased digitization and remote work, enterprises are reaching a point where managing their digital footprint is becoming a tough assignment. The ever-growing need to keep up with variants of malicious threats, enhanced security capabilities, shadow IT and new regulations are also adding to the cost.
Business leaders have to adjust their cybersecurity strategy to keep up with these changes. Firstly, they need to “shift left” on security measures — that is, cybersecurity has to be “baked into” every product, service and business model they build by engaging development, security and operations (DevSecOps).
Secondly, leaders need to work with their IT teams to understand how to utilize automation in their cyber efforts. By replacing manual tasks with augmented intelligence and automation, they can achieve the scale and speed needed to defend their organization in the current landscape.
Thirdly, leaders need to understand that cyber is not a function that rests with their IT or data teams. It’s a shared responsibility of every stakeholder in their business ecosystem, from the C-Suite to employees to third-party vendors. The only way to build a cyber-secure organization is to foster a cyberculture where everyone is knowledgeable and equipped to practice cyber hygiene.
Bring Out the Power Weapon to Defend Your Business
One technology has been and will continue to disrupt cyberspace like nothing before it — AI. Criminals and nation-state actors are already using AI to launch the most insidious, large-scale cyberattacks ever, and the only way to fight AI-generated cyber threats is with an AI defense mechanism.
When fully deployed, AI cybersecurity will have the biggest cost savings for businesses compared to any other current technology or strategy. According to IBM, an AI cyber strategy can save companies a staggering $3.81 million.3
Cyberculture is the Best Defense
Cyberculture is much more than preventing attacks — it's a mindset that permeates every decision and action the company takes. Today, as companies become increasingly reliant on doing business digitally, cyberculture is considered a collateral.
It signals trustworthiness and makes consumers and shareholders feel confident about the company — which ultimately means cyberculture is very much tied to a company’s bottom line. When consumers view the company as socially responsible, it also adds to its competitive advantage.
Cybersecurity culture has to align with business goals, risks, strategies and its lived-in culture. Leaders have to know the strengths and weaknesses, the barriers and mindsets of their employees to recognize the gaps and develop a roadmap for change.
Without buy-in from top management as well as all employees, it will be impossible to build a culture that strengthens the organization’s cyber posture.
Prevention is Cheaper Than Cure — Make Cyber Training Essential
No matter how watertight a company’s cyber strategy is, it’ll be vulnerable to the people using the systems and accessing the data. Cybercriminals are only too aware of this, using humans to carry out most attacks.
Even companies that have executed the most intricate cyber posture have taken a laid-back approach to training their employees. No wonder 59% of employees admit they’d find it difficult to respond to a cyberattack due to a lack of knowledge and skills4 — this is the most critical cyber threat companies face today.
Without understanding how criminals are exploiting social engineering, the mechanics of viruses like ransomware, or knowledge of data privacy, employees will continue to be insider threats.
Training and preparing their employees to practice cyber hygiene, recognizing cyber threats and knowing how to act during an attack is the most critical step leaders can take to develop cyber resiliency and build a more sustainable and trustworthy organization.
Sign up for the Oxford Cyber Security for Business Leaders Programme to gain the strategic and tactical insights to navigate the complex and volatile landscape of cybersecurity and secure the sustainability of your organization.