The Word Economic Forum (WEF) has just published the results of a report detailing that – out of 12,000 business leaders across 140 countries – cyber attacks are the top concern businesses will face over the next decade in Europe, North America and Asia. Globally, cyber-attacks were only the 5th highest risk cited by business leaders. This comes after a number of high-profile attacks in the UK targeting organisations such as BA and HSBC.
Fraser Kyne at security firm Bromium commented below that despite increased investment in cybersecurity, businesses are still getting hit, and this won’t change until they change their security strategy.
Fraser Kyne, EMEA CTO at Bromium:
“Businesses are right to be concerned by the prospect of cyber-attacks threatening them over the next ten years. Despite $114bn being invested in cybersecurity in 2018, businesses are still getting owned with alarming regularity. When looking at the causes of breaches, it’s evident that email attachments, links and downloads are the most common methods used by hackers. Be it HR professionals opening infected CVs from unknown sources, or employees clicking links on malware-riddled social media sites on their lunch break, users provide hackers with an easy route to bypass security.
“These simple attack methods are still effective because the architecture cybersecurity is built on is fundamentally flawed, as it overwhelmingly relies on detecting these threats. We’re increasingly seeing zero-day and other polymorphic malware being used to evade detection. Even the more sophisticated detection-based tools that utilise machine learning, AI and behavioural analytics to identify anomalies and patterns can potentially struggle to determine what is good and what is bad – and are certainly never able to be 100% accurate. Malware writers will also innovate using similar tools to make their attacks more effective.
“If businesses are to truly mitigate the risk of cyber-attacks over the next decade, they need to drastically diversify their defences. A new approach is needed to mitigate the risk of cyber-attacks, one that provides effective isolation of threats, not just identification of threats. By adopting layered cybersecurity defences that utilise application isolation, organisations can ensure they are better prepared to cope with the threats they will face over the coming years.”