Cybercrime costs are expected to climb towards $6 trillion in 2021
According to Cybersecurity Ventures, the global leader in cyber economy research, we are entering a “Hackerpocalypse”. They recently released their 2016 Cybercrime Report and revealed that cybercrime is growing at rates far higher than was previously estimated. Their conclusions were unanimous and called for more discussion of what is becoming one of the greatest threats to our national security. We’re going to cover the main findings of the report, and how they affect your life and career. Then, we will share how SIM2K defends against this constantly evolving malware with a 99% success rate.
The Growing Cost of Cybercrime
Cybercrime costs may include the loss of business during downtime, or the money spent recovering compromised networks. They also include the costs associated with damaged reputation, stolen or destroyed equipment and data, identity fraud, wire fraud, embezzlement and more. According to the Microsoft Security Blog, global cybercrime costs in 2016 were a whopping $3 trillion, and are expected to double in the next 5 years. While this number continues to grow, spending on IT security does as well, but at a slower rate. In 2016, security spending was $1 trillion worldwide. The disparity between spending on security and the cost of cybercrime is a clear illustration of the uphill battle facing businesses and governments around the world. What’s more: we can’t find enough people to fight against the “black hats”. Job openings in cybersecurity are expected to increase by 500,000 by 2019, amounting to over 1.5 million unfilled roles.
Small and medium sized businesses are the favorite target
A key takeaway from this report is that small and medium sized businesses were attacked just as often as, if not more often than, large corporations. In fact, nearly half of all cyberattacks are committed against small businesses. The report found that over 80% of SMBs don’t have data protection or email security in place. Hackers often have more success targeting smaller businesses without proper IT staff or support, as opposed to bigger corporations that likely have entire divisions devoted to data security. More than 90% of corporate executives have said that they aren’t prepared to handle a major attack.
To level the playing field, many SMBs are partnering up with MSPs and MSSPs (Managed Security Service Providers) to leverage their knowledge and experience against hackers. The SMBs delegate complicated tasks and responsibilities to a team of IT professionals who manage, configure, maintain and support the client’s networks. The MSPs advise the businesses as they grow, ensuring that technology grows with them, and also provide data storage and backup solutions in case of a catastrophic event like a ransomware attack. This is the only effective way SMBs can battle evolving cyberattacks without staffing a dedicated IT professional.
Why is cybercrime on the rise?
There are actually a few reasons. First of all, there is simply an increasing number of devices online. As the population grows, so too does the number of personal devices being used. Microsoft predicts that by 2020, there will be twice as many people online as in 2016. For this reason, we are seeing a shift from attacks on networks to attacks on individuals.
On top of this, IoT-enabled devices are becoming more common, and are expected to surge in production in the next few years. What it all boils down to is that we are going to be faced with protecting over 50 times more data than we do today, on an ever-growing number of devices.
We also see a very young crowd participating heavily in cybercrime. The FBI reported at this year’s Black Hat conference that many attackers are 16-17 years old, and even more were in their mid-20s. Their report highlighted how inexpensive it is to begin hacking, and pointed to the large amount of free time many of these individuals have. Nowadays, ransomware can be purchased from the dark web and deployed with little technical knowledge, so criminals of all computing backgrounds engage in the activity.
Bitcoins embolden cybercriminals
Last week we discussed the concept of Bitcoins and their role in the online environment. If you are familiar with ransomware, you understand how cybercriminals leverage Bitcoins as a source of untraceable revenue. The dark web uses Bitcoins to make illegal transactions like selling stolen data or equipment, and their recent spikes in value have undoubtedly motivated cybercriminals. As Bitcoin's value rises, the payoffs for a successful ransomware attack become more attractive.
Here are some main points from Cybersecurity Ventures’ report that you definitely want to take home with you:
· Every second, 12 people online become victims of cybercrime
· Identity theft is now the fastest growing crime in America
· Cybercriminals produced malware at a rate of 230,000 new samples per day in 2015; this number today is much larger
· The 5 most attacked industries: 1. Healthcare 2. Manufacturing 3. Finance 4. Government 5. Transportation
· There is a cybersecurity workforce shortage of about 1 million in 2016
· Nearly half of all cyberattacks are committed against small businesses
· By 2020, the world will need to protect 50 times more data than it does today
Fight cybercrime with Artificial Intelligence
The key to SIM2K’s success in battling cybercrime is employing the most innovative and advanced antivirus solutions available. In today’s cybersecurity environment, that technology is AI. By partnering with Cylance, SIM2K brought next-generation AV to Indiana, capable of preventing over 99% of malware from executing. Furthermore, the flagship product CylancePROTECT uses only 1-2% CPU, and doesn’t even require an internet connection to stop zero-day threats. Cylance stole the show at this year’s Black Hat conference, showcasing the abilities of their new approach to AV. They are reinventing the entire industry, shifting it from detect-and-respond methods to preventative ones.
15 years later, he may not be so sure…
You may not be familiar with the name Bill Burr, but he has probably had an impact on your daily life. In 2003, Burr, who was working for the National Institute of Standards and Technology, shared some very convenient advice on creating passwords: use a mess of numbers, characters, and letters (upper- and lower-case), and then change them every 90 days. Such was the standard for creating and managing the credentials of our growing number of online accounts. Tragically, Burr waited 15 years to share his next advice on the subject: “I was wrong”.
“It just drives people bananas”
That is literally what Bill Burr recently said of his own 2003 password guidelines. We just wish he had come to this conclusion as quickly as we did (possibly in 2004?). His new advice (not sure who is asking for it at this point), offered by a man now in his 70s, focuses instead on grouping unrelated words to create a random combination of characters. The problem with Burr’s previous advice was that when people changed their passwords, they would only slightly modify a previously used password, and preferred to use the same numbers and characters. This would create a set of credentials that shared similarities across multiple logins, which let attackers make better-informed guesses. Now, Burr explains that we should instead focus on grouping unrelated words together, for example: Lighthouse Baseball Purple Cow. No numbers or capital letters required. The National Institute of Standards and Technology expects to roll back previous rules in the upcoming weeks. tH@nK$ @LoT B!LL
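The rotation habit described above can be measured. The following is an added example, not part of the original post: a Python check that flags a new password that is only a cosmetic variant of the previous one. The function names, the sample history and the 0.8 similarity threshold are assumptions made for illustration, and the check assumes it runs at password-change time, when the user supplies both the current and the new password.

```python
import re
from difflib import SequenceMatcher

# Substitutions people use to satisfy "add a number and a symbol" rules.
LEET = str.maketrans({"@": "a", "4": "a", "3": "e", "1": "i", "!": "i",
                      "0": "o", "$": "s", "5": "s", "7": "t"})

def skeleton(password: str) -> str:
    """Reduce a password to the base word its owner actually remembers."""
    s = password.lower()
    s = re.sub(r"^[\d\W_]+|[\d\W_]+$", "", s)  # drop counters/symbols at the ends
    s = s.translate(LEET)                       # undo substitutions inside the word
    return re.sub(r"[^a-z]", "", s)             # keep letters only

def is_trivial_rotation(old: str, new: str, threshold: float = 0.8) -> bool:
    """True when `new` is `old` with cosmetic changes (threshold is an assumed value)."""
    a, b = skeleton(old), skeleton(new)
    if not a or not b:                          # e.g. all-digit PINs: compare raw text
        a, b = old.lower(), new.lower()
    return SequenceMatcher(None, a, b).ratio() >= threshold

def audit_history(history: list[str]) -> list[int]:
    """Indexes of changes that only tweaked the previous password."""
    return [i for i in range(1, len(history))
            if is_trivial_rotation(history[i - 1], history[i])]

# Constructed sample: three forced rotations, then the passphrase from the article.
HISTORY = ["Summer2016!", "Summer2017#", "$ummer2018",
           "Lighthouse Baseball Purple Cow"]

if __name__ == "__main__":
    for i in audit_history(HISTORY):
        print(f"change {i}: {HISTORY[i]!r} is a variant of {HISTORY[i - 1]!r}")
```

Every forced rotation in the sample keeps the same base word, so one guessed or leaked password exposes the ones that follow it; the switch to a passphrase is the only change the check does not flag.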
Thank you to Cybersecurity Ventures for contributing their findings to this post: http://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/