Stop me if you have heard this one before: cyber criminals are going to steal your data, your identity, and your entire digital footprint. Much like the Terminator, they can’t be bargained with, they can’t be reasoned with, and they do not feel pity, remorse, or fear. And they absolutely will not stop, ever.
If there is one element that routinely defines the connected society, it is the plain and simple truth that the digitalization of our lives has made the opportunities to access both personal information and company secrets extremely tempting to those with malicious intent. In fact, data security has been a constant fixture in the list of concerns cited by corporate executives and decision makers for years now, with the consensus being that hackers will get bolder and more inventive as companies move further along their required digital journey.
A quick search for “cyber breaches 2021” brings up 16 million results in 0.66 seconds, while toggling to the news section throws up 201,000 stories which fit that narrative. That, sadly, is only the tip of the iceberg.
Digital Security is Under Attack
According to a recent industry report, for example, there were more than 304 million attempted ransomware attacks in the first six months of 2021 alone, a year-on-year increase of 151%.
The report, cited by ZDNet, said that the countries most impacted by this form of attack were the United States, United Kingdom, Germany, South Africa and Brazil, while the most common targets were government, education, healthcare and retail. Government customers saw 10 times as many ransomware attempts each month as other industries, the report said.
Malware was also seen by the report’s researchers to be both diminishing in terms of identified instances – 5.6 billion in 2020, 2.5 billion in the first two quarters of 2021 – and increasing in its global spread. Europe and the U.S. both reported dips in malware volume, but India and Germany saw their levels “skyrocket” in those six months, recording 147.5 million and 150.4 million attempts respectively – for the record, Germany’s numbers increased by an astonishing 465%.
“Less malware isn’t the same as less cybercrime,” the authors of the report said. “Instead, it’s a sign that the traditional malware associated with spray-and-pray attacks of yesterday is being abandoned…usually in favor of more specialized, more sophisticated and more targeted attacks, capable of making criminals much more money and leaving much more devastation in their path.”
The report also uncovered 185,945 malware variants that had never been seen before, a year-on-year increase of 54%. Black hat hackers had also decided to target specific areas, the report noted, with 32 million attacks being traced back to IoT devices. In addition, cryptojacking – malicious cryptomining that infects both business and personal computers, often without the user’s knowledge – became more prevalent, with 51.1 million attempts recorded.
Cyberattacks are the Norm
There are very few brands or companies that haven’t had to ward off an attempted cyberattack – the key word is attempted, as opposed to successful – but the almost monotonous regularity of “breaking news” highlighting data breaches means that the average person only takes notice when they are potentially impacted.
T-Mobile customers, for example, are likely to be still digesting the revelation that around 7.8 million current accounts and 40 million former or prospective accounts were part of a “highly sophisticated cyberattack” against the nationwide network. To its credit, the company has been proactive in its internal investigations and taken immediate steps to protect any exposed data, but hackers have gone after T-Mobile in the recent past and it obviously remains an attractive target in terms of the data that it holds.
The same could be said for the Ford Motor Company, which brought in white hat hackers to proactively test its data security defenses, the Detroit Free Press reported.
Concerned about a potential data breach that would impact both customers and employees, the company asked ethical cybersecurity researchers to access its internal systems and databases. As a result of this open-door policy, the “friendlies” discovered a bug on Ford’s website that allowed sensitive parts of the company-wide system to be breached at an exceptionally large scale.
Both companies would have a lot to lose in terms of both their reputation and bottom line if these targeted attacks had not been caught and resolved in time. And they are certainly not outliers in terms of the industries that are in the firing line.
A leading bank, for instance, recently admitted that a technical bug on its online banking website and app was allowing “accidental leakage of customer banking information to other customers.” A California-based non-profit healthcare provider with five hospitals and 19 outpatient facilities said in its quarterly financial reports that it expected, according to The Record, to lose around a cumulative $106.8 million in operating revenues and expenses by the end of the year, thanks to a ransomware attack in May 2021.
In the case of the healthcare provider, that doesn’t even consider the potential losses due to litigation. And while you must give kudos to that company for being willing to reveal exactly what that ransomware attack had cost in a monetary sense, the attack was further complicated by the fact that the provider was reportedly unable to access its web portal, patient medical records or even provide some patient services for four weeks!
Be Proactive, Not Reactive
The security stakes have always been high in the connected society, but what is becoming increasingly clear is that companies that don’t have the right protections in place are leaving themselves open to all manner of malicious activity.
Data is already the currency that oils the wheels of continued (and required) digitization, so the onus on decision makers and business leaders is to ensure that systems are in place to prevent bad actors from gaining access to company resources and, importantly, customer data. This takes on even greater relevance when you factor in the increased adoption of and migration to the cloud.
In recent years, the ubiquitous nature of cloud deployments as a business optimization strategy has shone a spotlight on not only the benefits of adopting a cloud-first strategy, but also the challenges that companies face.
There is little doubt that integrating an on-demand cloud platform such as Amazon Web Services (AWS) into your digital journey comes with a lot of benefits – scalability, speed to market and cost savings, to name just three. The caveat is that a decision to move from a traditional (on-premises, internally controlled) IT infrastructure to one that is virtual and, in theory, overseen by a third party, is one that is not taken lightly.
Often, the first question that any company asks when considering the move to a cloud-based working environment is related to security. This question is one that has been asked thousands of times by decision makers and there is no doubt in my mind that it will be asked for years to come – a recent industry report said that eight out of 10 respondents to a survey cited data vulnerability due to misconfiguration as a major concern, for instance.
That makes the choice of cloud provider a critical part of the process. AWS’ Shared Responsibility Model splits the onus on security between the provider of the virtual services (AWS) and the customer: AWS secures the cloud’s physical infrastructure, compute and network systems, while the customer secures everything they run in the cloud. A deeper dive into how security and compliance are the underlying focus can be checked out here.
Apexon offers complete end-to-end security testing services to protect your application in design and development through to QA and maintenance. By taking a comprehensive and structured approach which is focused on proactively identifying vulnerabilities during application development, we can build and deliver solutions that alleviate potential pain points across the digital product lifecycle.
In addition, our digital engineers target the best possible use of resources and time to make the migration and integration process as manageable as possible. With that in mind, our AWS experts can help you with your toughest cloud security challenges and educate you on the AWS best security practices, while our dedicated security team can help you with your mobile app security, including but not limited to healthcare, financial services and emerging technology apps.
Data Security Closes Digital Doors
Fears about cybercriminals lurking in the digital darkness have been around for decades, but the continued shift towards a connected and global village has raised the bar in terms of what can be accessed and when. There is an argument that those with malicious intent will always be part of society, albeit that it is often easier to sit behind a keyboard as opposed to physically stealing something.
Data is no longer just digital information; it is a currency that has value, and the people who want to cash in are not going away anytime soon. That makes the need for data security ever more urgent, and the companies that both do it right and leverage the tools available to adapt to evolving threats will be the ones that will not see their brand flagged up in public.
At the end of the day, we invest time and money into making sure our physical properties are secure, so there should be no reason to leave our digital doors open.
If you have any questions surrounding security best practice, guidelines, or you have additional security queries, contact Apexon today. Your toughest security dilemma may seem to be an unsolvable challenge but let us know what it is, and we will solve it.