According to a recent study by McAfee, the global cost of cybercrime in 2017 exceeded $600 billion, with a 13% increase in reported vulnerabilities, while annual costs increased by 23%, reaching an average of $11.7 million.
The number of new variants of malware targeting mobile devices increased by 54% compared to 2016. Fraudulent cryptocurrency mining increased by 8,500%. On average, Symantec reported blocking 611,141 web attacks every day in 2017. Symantec experts reported over 27.7 million attacks blocked in October 2017 alone.
Financial fraud, the underground economy, and illegal payments increased by 1.8 times compared to 2014. Ransom demands for unlocking infected systems increased by 36% in 2017. There were over 4,000 attacks per day. Warren Buffett considers cyberattacks to be a greater threat to humanity than nuclear weapons. 78% of people say they are aware of the risks when clicking unknown links received via email, and yet they still click on them, according to a study published by Accenture and the Ponemon Institute.
The main goal motivating 90% of attacks organized by groups is information gathering. The number of organizations affected by such targeted attacks increased by 10% in 2017, and 71.4% of attacks were carried out through phishing email campaigns. The main information stolen from devices included phone numbers (63%), followed by the physical location of mobile devices (37%), with estimated fraud totaling approximately $16 billion, according to a study conducted by Varonis.
The techniques used by hackers are becoming increasingly sophisticated, with 90% of them covering their tracks through encryption, making preventive measures even more important. Nearly 81% of attack victims had not implemented detection measures for data breaches. Over 43% of cyberattacks targeted small businesses.
The chart below shows the evolution of incidents generated by malware and other types of cyberattacks since the 1980s. From 2014 to the present, the volume of threats has doubled, and complexity has increased significantly.
According to a cybersecurity study published by CISCO, only 38% of organizations worldwide say they are prepared to face a sophisticated cyberattack. Among companies, 64% have experienced web-based attacks, 62% have been subjected to phishing and social engineering attacks, 59% have been targeted by malware and botnets, and 51% have suffered DDoS attacks.
In this context, the need to implement adequate protection measures against these attacks is becoming increasingly important.
Omega Trust experts can improve your cybersecurity.
10 Quick Solutions for Improving Information Security
You can apply the following 10 solutions to protect your business from unauthorized access, incidents caused by negligence, lack of knowledge, or lack of time to update technical security measures. Depending on the complexity of the IT systems and networks you use, these solutions will often represent only the first step in improving your data protection. Do not forget that cybercrime is constantly evolving.
#1. The first solution is a security audit of the systems and the IT environment in which they operate, to determine the baseline level of existing security measures and resilience against attacks. This analysis is essential and may include exposure assessment to security risks, penetration testing, and vulnerability scanning. Without such verification, any measures applied will be “blind,” and their effectiveness will be significantly limited.
#2. The second solution is updating all software solutions installed and used on IT systems using the latest packages provided by authorized vendors. At the same time, it is necessary to remove all unstable programs or those originating from unverified sources. It is also necessary to verify how these applications communicate with each other, what information they access and transfer, especially to external systems.
#3. The third solution consists of updating policies for the use of IT systems and implementing protocols and access controls, while monitoring system activities, communications, and deviations from accepted norms. Establishing a secure working environment depends significantly on user behavior.
#4. Given the importance of user behavior in maintaining a secure environment, regardless of the technical measures applied, periodic staff training is essential to reduce the risk of security incidents. Training sessions should at least cover the use of email communication platforms, accessing unknown links, opening files from unidentified sources, and secure usage of IT systems.
#5. Continuous monitoring of activities carried out within IT systems is essential, as it allows for reduced response time to potential security threats. Any unusual behavioral pattern, suspicious activity, or attack can be detected and mitigated much more easily when successive alerts and automated monitoring are in place for ongoing processes.
#6. Proper configuration of security settings can ensure that activities are carried out in a protected environment. The time invested in customizing settings—from username complexity and password uniqueness to enabling only strictly necessary services and executable files—will contribute to protecting servers, databases, applications, and active systems.
#7. Creating backup copies of necessary information allows for efficient and complete recovery within a reasonable time, limiting potential damage. Additionally, these backups must be well protected and isolated from main internal and external data traffic flows, making unauthorized access or compromise difficult or even impossible.
#8. It is also important to identify needs and implement IT security systems that protect your organization. These systems include, but are not limited to: firewalls, intrusion detection and prevention systems (IDS/IPS), Data Loss Prevention systems, antivirus systems, data encryption and pseudonymization systems, and Security Information and Event Management (SIEM), etc. These systems should not be purchased and implemented blindly, but only after analyzing the IT environment to identify the optimal solution for the organization both in terms of security and cost.
#9. Because costs are involved, and because a cyberattack occurs every 39 seconds—with 43% of these attacks affecting small businesses—and because interconnectivity continues to grow, data protection is vital and requires a change in approach, starting with proper and complete awareness of risks. The cost of an incident will always be higher than the cost of prevention. Protection measures are within reach. Call on professionals!
#10. Last but not least, it is recommended to implement an information security management system that defines an appropriate framework for organizing all implemented technical and operational measures and ensures their adaptation to new security threats, as well as their continuous improvement.
How can you protect yourself? Choose Omega Trust services now! You can find us at Internet & Mobile World, booth 9, and on www.omega-trust.ro.
Omega Trust has been operating since 2009, providing services in 12 countries, both in the private and public sectors. To date, we have been involved in over 500 projects for more than 450 clients, public and private institutions both in Romania and abroad.
We also provide complete implementation and certification solutions and services, delivered by our experts certified in CISA, CIPM, ISO 27001 Lead Auditor, CEH, LPT, OSCP, etc.