A Growing Digital Economy Means More Cybersecurity Challenges
The Covid-19 pandemic has fueled tremendous growth in internet commerce. In 2020's second quarter, e-commerce accounted for 16.1% of retail sales, up from 10.8% the year before, according to the U.S. Commerce Department. Businesses that were already emphasizing their digital platforms have been motivated by the pandemic to accelerate efforts to grow their digital presence and speed app development to capture consumer activity as it increasingly moves online.
Just as companies are flocking to where the consumers are, cybercriminals are "upping their game" in chasing after those companies. In 2019, the FBI received 1,300 complaints per day about crimes committed online, a more than 40% increase from the year before. Businesses can expect a similar or greater increase in internet-based crime in 2020 as criminal opportunities expand at a pace roughly equal to the growth of online commerce.
For companies, this should set off alarm bells because the costs they may bear in terms of reputation, loss of market value and time spent on addressing the breach can be immense. According to a 2019 study by cloud computing company Iomart, the average time it took a company to identify a breach was 206 days, with an additional 73 days needed to resolve the problem. A report of a breach can also put a significant dent in a company's market value, the study said.
The growth in digital attacks signals that cybersecurity has risen near the top of risks companies face in an increasingly digital economy and that companies need to maintain vigilance by scaling up their security protocols to meet the threat.
Mission Critical: Protect Data
Of course, cyber crooks' real target is consumer data, which can be sold or traded to other criminals. When cyberthieves break into the virtual bank vault, rather than sacks of cash, they're making off with sensitive information. This can include checking and credit card account numbers, Social Security numbers and other vital information that can pose a grave risk to customers.
Each new online venture increases the "technology surface area" available for criminals to probe. Imagine that each new internet portal and digital app is a house. Every new home that appears in this virtual neighborhood is going to attract cyber thieves who will jiggle the "doorknob" in the hopes that it's been left unlocked.
The fastest expansion, or the largest number of unlocked doors, comes from virtually all companies needing to innovate to stay relevant. Just 10 years ago, companies needed a web presence to demonstrate their relevance. This importance is now further amplified by mobile apps as companies bring more services online and in real time. As companies roll out enhanced digital strategies, they need to scale security operations to keep their expanding online environments safe and secure.
Two Types Of Attacks
From my perspective, there are two basic kinds of attacks. Targeted attacks focus on a particular company, typically a larger outfit with more customer data or with well-heeled clients whose account information is particularly valuable. There are also scanning attacks in which hackers essentially use trial and error to scrape as much of the digital commerce surface area as possible and hope to get lucky and find virtual doors that are not well "locked." Often, the latter approach finds vulnerabilities at smaller companies.
Hackers are also adept at finding weak links in security systems. Most are typically found in third-party software and services, such as a vulnerability in an operating system like Microsoft Windows or in a network protocol. Those components are ubiquitous across many infrastructures, allowing cybercriminals to find and exploit vulnerabilities across a multitude of online services and apps.
There are also application-level vulnerabilities. The OWASP Foundation publishes a top 10 list of security risks for apps, which companies should stay up to date with. Companies also need to keep up with security patches and test and deploy them on a regular basis. Without extreme diligence, systems can become vulnerable.
Minimizing surface area isn't an option for companies that need to grow their market footprint. This means they need to continue their existing efforts and protocols and remain diligent to minimize risk. There's no zero-risk solution.
Increasing Vigilance
In order for companies to stay competitive, security automation, scanning and assessment need to be increased over time to allow safety efforts to match innovation and speed to market. Right now, third-party software can automatically scan a company's code to identify potential vulnerabilities. However, companies then need people to assess and remediate the identified vulnerabilities. These are the manual processes that need AI and automation to increase accuracy and speed in order to apply the needed security patches.
Companies can use third-party services, such as managed security service providers, that help to monitor their systems' health as well as dark web chatter and business-related data. They can also monitor their infrastructure for vulnerabilities and potential breaches. This helps identify potential problems before they surface. It is also an effective way to augment an organization's information security team in a very scalable and cost-effective manner.
Businesses can also look to security frameworks, such as those from the Commerce Department's National Institute of Standards and Technology (NIST) or the Cloud Security Alliance (CSA), to help think through and implement holistic solutions.
Building and maintaining a robust security program depends on a company's ability to hire talented people and establish effective processes to keep their technology up to date. While companies may want to strengthen their web security, there's often a shortage of professionals who can help companies improve their own fortifications. That means companies should take a two-pronged approach — outsourcing security while growing and training internal capabilities.
While there is a cost to ramping up security, it's important not to get complacent because hackers are always innovating and seeking advantages, too. While there's no way to completely eliminate the risk of a cyberattack, the growth in digital commerce is a constant opportunity for hackers. To beat hackers at their own game, companies will have to become ever more vigilant.
Reproduced from: A Growing Digital Economy Means More Cybersecurity Challenges (forbes.com)