One of the biggest challenges in data and information security is knowing your threat level. IBM security recently released their 2018 X-Force Threat Intelligence Index. They monitor daily security events in 130 countries throughout the year for a comprehensive understanding of trends in cyber threats.
One of the most prominent ways organizations were found to be inadvertently open to attacks was due to improper configuration of cloud services. Misconfigured cloud servers accounted for 43% of more than 2.7 billion compromised records. This is an increase of 20% over recorded incidents in 2017. According to the survey, “misconfiguration is now the single-biggest risk to cloud security, with 62% of surveyed IT and security professionals noting it as a problem”. While most of these breaches appear to be the result of inadvertent actions, it is possible for an insider to maliciously expose data and hide it as an accident.
No matter the style of attack, financial gain is almost always the motivation. Over the past few years, ransomware became a popular choice for cyber criminals. In 2018, however, we actually see a decrease in the use of ransomware by 45%. Why? Because cryptojacking is proving far more lucrative for criminals, thus increased in use by 450%! Without the need of any hardware of their own, a cyber criminal can install a cryptocurrency miner virtually undetected. Once installed, not only is the criminal gaining valuable coin at the owner’s expense, but they are also opening the door for other kinds of breaches.
The number of recorded vulnerabilities has exponentially increased in the last 3 years. This is due to the “ever-expanding attack surface as new players such as IoT devices, and other smart technologies enter the fray.” The attack surface references the span by which an organization has entry points for a cyber criminal to infiltrate. Finance and Insurance registered as the highest targeted industry, due to their access to Personal Identifiable Information (PII) links directly to bank account and credit card data that can be monetized quickly. Professional services, such as legal, CPAs and consulting, is the third most targeted industry with the second highest likelihood of a breach. Valuable customer data combined with limited security budgets and staff makes it “as vulnerable as it is lucrative”.
With all of this seemingly troubling news, you may be asking: what can we do to protect ourselves? As IBM states, we must “make security an integral part of culture and overall structure”. This is done by changing your threat landscape to reduce your risk of exposure. And that starts with knowing your risks. Our Cyber Quick Check is the first step to understanding your risk, and takes less than 5 minutes. Based on your Cyber score, discover the recommended next steps. With dedicated action and your part and the use of our automated cyber risk management system, CyberCompass™, we can increase your protection to 80% in only 90 days. The threats are real, but protection is available. Don’t wait in the dark any longer. Protect yourself and your business from threats today.