With October being cybersecurity awareness month, Reperio looked at some of the latest statistics regarding cybersecurity and the steps that are being taken to prevent incidents occurring.
Cybersecurity Incidents on the Rise
Last year, WannaCry ransomware attacks wreaked havoc globally and affected the UK’s National Health Service, Germany’s Deutsche Bahn railways, China’s banks and Russia’s interior ministry, just to name a few. The World Economic Forum estimates that these attacks affected 300,000 computers across 150 countries.
The World Economic Forum’s Global Risks report found that in 2018, the financial impact of cybersecurity breaches is also rising, and some of the largest costs in 2017 related to ransomware attacks, which accounted for 65% of all malicious emails.
Over the last two years, the number of cybersecurity incidents being reported to Information Commissioners Office has increased by 75%, possibly due to compliance with GDPR. Alarmingly, 2,124 of these incidents could be attributed to human error compared to just 292 that were deliberate cyber incidents. Security guru Brian Honan explained that breaches by human error could be caused by poor passwords in web-based attacks, vulnerabilities in web platforms and out-of-date software. Deliberate cyber incidents, on the other hand, occur when there is unauthorised access, malware, phishing attacks or ransomware.
Preventing Cybersecurity Incidents
It is predicted that by the end of 2018, worldwide security spending will increase by 8% and reach a value of $96 billion, according to Gartner. This is likely to occur because of a growing awareness of threats and regulatory change.
Just last month, the Minister for Communications, Climate Action and Environment, Denis Naughten, TD, announced important new national cybersecurity requirements. These requirements will apply to the network and information systems of critical national infrastructure providers in Ireland and will aim to help protect infrastructure against cyber attacks and online threats. These requirements will centre around five core themes which include identify, protect, detect, respond and recover.
User and Entity Behaviour Analytics (UEBA), a security technology, is experiencing significant growth at present. They use a combination of machine learning, behavioural modelling and statistical analyses to identify when a user or machine patterns deviate from established behaviour, indicating a potential security threat. Unlike other security technologies, this technology provides both environmental and situational context and thrives on high volumes of data to get a comprehensive analysis of what is happening.
However, in an interview with SC Media UK, Stephen Burke, Founder and CEO at Cyber Risk Aware believes that security technology alone is not enough and everyone has a role to play because cyber-criminals are targeting people and they’ll bypass tech defences. This is in accordance with the view of Brian Honan, who stated that "all the technology in the world alone will not keep us secure, people will keep us secure". However, research from Menlo Security found people to be the weakest link in any organisation’s cybersecurity strategy.
Overall, as Sarah Armstrong-Smith, Head Continuity & Resilience at Fujitsu UK & Ireland explains, "to be truly effective when it comes to protecting personal data, it requires a mix of people, processes and technologies: all of which need to be carefully aligned so that everything fits together properly".
If you are interested in cybersecurity and would like to pursue a career in this field, we have a number of roles available. Check out our jobs page or give us a call on 01 571 3000.