Ransomware, in particular, is exploding, said Bob Moore, director of server software and product security at HPE. In the past two years, ransomware attacks have increased by a factor of 15, and by next year, a new ransomware infection will happen every 14 seconds, according to research from Cybersecurity Ventures.
By 2021, the global cost of cybersecurity breaches will reach $6 trillion, equal to one-third of the gross domestic product of the United States. That figure is larger than the entire global illegal drug trade, and it is projected using only reported data breaches. “It’s the largest transfer of wealth in the history of mankind.”
In addition to becoming more organized, Morrison said, cybercriminals are becoming more creative. He pointed to other attack surfaces, noting that in addition to one-time phishing attacks, some criminals are now engaging in ongoing conversations with company insiders in an effort to build trusted relationships. The criminal could pose as a potential customer or even a co-worker who asks the accounting department to transfer money to a partner of the company.
Criminals are also turning to multiprong attacks, Morrison said. In one recent case, an attack on a bank's hardware served as cover while the criminals used wire transfers to steal money from the organization.
The good news is there are ways to defend against these attacks, HPE representatives said. Technology such as the company’s "silicon root of trust" is designed to lock down firmware on servers and make it impossible to install rogue code, said Scott Farrand, HPE’s vice president for hybrid IT, platform firmware, and software.
To minimize insider threats, companies should adopt training programs to test employee response to phishing and other attacks, recommended Lois Boliek, HPE security and assurance strategist. She pointed out that companies can also monitor employees for unexpected behaviors as a way to head off inadvertent or malicious actions.
Many employees have gotten the word that they’re not supposed to click on links or open attachments in email from unknown senders, said the FBI’s Morrison.
Still, about 4 percent of employees will click on every link they see in an email. Some companies have gone so far as firing employees who fail a phishing test, Morrison noted.
Morrison recommended companies keep updating their security practices to reflect new types of attacks. “Cybersecurity has to be a constant process,” he said. “It’s not like something you can put out there and hope it stays good for three years.”
He also suggested companies work with trusted vendors to deal with their security challenges. “What I tell everybody is, don’t do it alone,” Morrison said. “There’s too much of a threat out there for you to go it alone.”
Cyberthreats: Lessons for leaders
- Ransomware and attacks on firmware and hardware are growing cyberthreats.
- The cost of reported data breaches will reach $6 trillion in 2021.
- Insider threats remain another major attack surface, according to the FBI.
Source: hpe.com