Juniper Research published new research yesterday, The Future of Cybercrime & Security: Threat Analysis, Impact Assessment & Mitigation Strategies 2019-2024, which finds that business losses to cybercrime data breaches will exceed $5 trillion by 2024 and that cybersecurity breaches will increase nearly 70% over the next 5 years. A Shared Assessments expert offers thoughts on the findings and why organizations should adopt anticipatory compliance.
Organizations are all too often and unwittingly providing open pathways into their networks, such as dormant servers and applications, self-provisioned cloud computing resources not tracked by IT asset management processes, and third-party vendor partners whose practices and security gaps may provide a ready conduit. Bad actors are increasingly adept at discovering and exploiting these risks lurking in the shadows. Mapping these exposed assets, including those of closely related third parties, is an important and increasingly urgent first step in securing the organization and protecting its intellectual property, sensitive data, reputation and bottom line.
The EU General Data Protection Regulation is one major contributor to these projected increases. Regulations drive improvements in security through fines, which directly impact the cost of a breach. Regulatory fines are only effective drivers if they’re actually levied and paid in some cases. The goal of regulatory fines is to force organizations to spend more on preventive measures by artificially tipping the scales to make breaches more expensive.
The fact is, the growth in the cost of data breaches doesn’t seem to have slowed the growth of digital business. Cybersecurity losses are a cost of doing business in the digital age.
With GDPR and its sister regulations in the US taking full effect, it seems that regulatory bodies are gearing up to unleash the full might of their newly enhanced powers. And, as cybercrime becomes increasingly more sophisticated, it’s no surprise that costs are set to increase. The rise of deep fakes and other AI-based techniques will mean that it is more important than ever that organisations are spending their money on the right defences. Companies, large or small, must invest in up-to-date security awareness training for their staff in order to provide the best defence against cyberattacks such as phishing scams and other targeted attacks.
Every day, security professionals are waking up to more and increasingly savvy data perpetrators who are finding new and uncharted means of acquiring data. Security professionals need to continue to sharpen their tools and think “outside the box” regarding other ways these data perps can get to confidential data. Anticipatory compliance should be embraced by organizations – not necessarily from the compliance lens, but from the security and privacy lens. What they learn from anticipating the threat horizon should be shared with all employees of their organizations, and it’s Information Security’s role to help promulgate changes and educate the employees to not be lured into taking a data perp’s bait.
While $5 trillion is a staggering cost resulting from the nearly non-stop data breaches we learn about each day, there is also a significant secondary cost that we must not lose sight of. I’m referring to the growing number of malicious, automated bot attacks that are fueled by the billions of credentials stolen from these initial breaches. Those secondary attacks, which are even harder to detect than the initial data breaches, tend to focus on business logic abuse, stolen IP, and financial fraud. The cost of these types of attacks is often under-reported, but is likely in the billions of dollars.