Cybercrime has developed quickly, with fresh attack vectors wreaking havoc on many businesses. While businesses and governments have increased their preparedness to combat this threat, the number of occurrences continues to rise. While the pandemic damaged many organisations' current cybersecurity frameworks, the frequency and sophistication of cyberattacks wreaked havoc on the cybersecurity infrastructure of others.
As the number of cyber and data breach incidents observed in 2020 and 2021 rose, the following are the trends that businesses need to be prepared for:
1. Stricter regulatory compliance and increased self-reporting of security incidents and breaches: Many countries put the responsibility of reporting or notifying instances of cybercrime or data breaches on companies. Over the last couple of years, regulators have increasingly focused their attention on corporates’ cybersecurity disclosure policies and on their responses to and reporting of cyber incidents. Business leaders should therefore plan adequate security postures, accompanied by administrative, technical and physical security controls, including self-reporting.
2. Surge in cyber insurance to protect critical assets: As the magnitude of cybercrime increased during the pandemic, many companies are now taking larger cyber insurance policies to safeguard their data. They are also taking proactive steps to mitigate risk, protect assets, safeguard their reputation and recover monetarily after a data or security breach. The coverage of the cyber insurance typically varies – including but not limited to forensic investigation, business loss, costs for data breach notifications and legal expenses including the cost of paying ransom to attackers.
3. Crimeware or ransomware as a service is transitioning into a highly profitable industry: Today, crimeware-as-a-service and ransomware-as-a-service are becoming increasingly widespread practices. The former refers to advanced tools and packaged services that are offered for sale or rent to criminals, while the latter is becoming readily available to anyone capable of paying digitally or through cryptocurrencies such as Bitcoin. Cybercriminals often get generously compensated for delivering or spreading malware and may even get a percentage of the extorted ransom paid per infected device. The global economic downturn caused by the spiraling pandemic has created an ideal situation for both experienced and novice cybercriminals to carry out sophisticated attacks easily.
4. Businesses are being crippled by outdated and open-source software: Cybercriminals these days are continuously on the lookout for outdated web software. Once a vulnerability is discovered, cybercriminals exploit external web systems that run the vulnerable piece of software. Undocumented Open-Source Software (OSS) used by many organizations can be a ticking time bomb, ready to explode at any time. With the pandemic adversely impacting the allocation of budgets for business operations, many enterprises ended up falling into the trap of opting for low-price software. Relying on the correspondingly poor-quality code in undocumented OSS components and frameworks to save programming time may compromise system security and ultimately cost much more.
5. Software-as-a-service (SaaS) platforms continue to be attacked: There have been several reported incidents of these platforms being infiltrated through phishing and crypto-malware tools, locking companies out of their own data. We see browsers as a weak link in the security chain, as a number of the zero-day flaws exploited have stemmed from browser vulnerabilities. Going through the list of CERT-In advisory guidelines, as of May 2021, we see that every single one of them relates to popular SaaS platforms being compromised and their vulnerabilities, be it data scraping of users or multiple vulnerabilities in operating systems.
As cybercrime continues to evolve, companies need to adopt robust cyber defense frameworks to mitigate rising threats. Protection against cybercrime must be enabled as a part of business culture and must become a boardroom agenda. Business leaders should also be actively involved in the discussion around cybersecurity strategy to better manage the evolving threat landscape.
(This is a slightly modified version of an article originally published in Financial Express. The original article can be found at https://www.financialexpress.com/industry/technology/evolving-cybercrime-and-data-security-challenges/2300990/)