In 2021, the global cost of cybercrime was over $6 trillion.
For perspective, this was more than the individual GDP of every country in the world except the US and China. The cost of cybercrime will only continue to increase, with some experts predicting that number will exceed $10 trillion by as early as 2025.
It’s no wonder that cybercrime and cybersecurity have become primary concerns for CIOs and CISOs in boardrooms everywhere. According to Cigna CIO Noelle Eder, in an interview with The Wall Street Journal, “this year reflects a massive shift” in CIOs’ role in cybersecurity.
While cybercriminals have certainly gotten more sophisticated over the past few years, a huge factor in the rise in cybercrime has been the Covid-19 pandemic. Covid thrust everyone – from individuals to huge corporations – squarely into the digital realm in almost all aspects of life and business. With increased digital and virtual interconnectedness came a plethora of security risks and vulnerabilities. Read on to learn about the risks CIOs and CISOs are, or ought to be, considering when developing cybersecurity policies and protocols.
Working from Home: Keeping Information In-house
More than ever before, people are working either entirely remotely or on a hybrid schedule, and it seems this may be the norm for the near future. To support working from home (among a variety of other reasons), companies have migrated to the cloud, with roughly 92% of companies using either public or private cloud services, according to Foundry’s 2022 Cloud Computing Study. While working from home generally has upsides for both the employee and the employer, it is important to be aware of, and prepare for, potential threats posed by supporting a remote work environment.
Cybercriminals make money by obtaining sensitive data to which they otherwise do not have access. They can then use that information for nefarious reasons, sell that information to others, or simply ransom the information to the company from which it was stolen.
For example, phishing, a cybercrime whereby users are fooled into revealing sensitive information by downloading something that seems otherwise legitimate, is widely prevalent. Indeed, a 2021 Cisco study revealed that nearly 90% of companies reported having at least one employee fall for a phishing scam. Similarly, ransomware, a form of malware that holds information hostage rather than destroying it, affected the bottom line of approximately 60% of US companies, according to a 2021 report by Cybereason.
To be sure, cyberattacks are not limited to those working from home. However, there are generally more security measures in place for a controlled office network. It is critical for CIOs and CISOs to develop policies and educate remote workers on security measures.
Third-Party Risks: Know Who You’re Dealing With
In 2019, patients of a Massachusetts hospital had their data stolen, not because of a breach in the hospital’s network, nor because of an employee of the hospital. Rather, an employee of a vendor used by the hospital was the culprit. Facebook had two such third-party breaches in 2019.
These types of occurrences are far from uncommon. According to the Ponemon Institute, more than half of organizations reported having a data breach caused by a third party.
Businesses do not operate in a vacuum and often work closely with other businesses in B2B relationships. In these partnerships, sensitive data is sometimes shared. Indeed, third parties multiply cybersecurity risks because it may be easier for a cybercriminal to access desired data, not from the source itself, but from a third party that also has the data.
A frightening example of such a thing happening was the Accellion (now Kiteworks) breach in 2020 and 2021. Accellion provided users (including major universities like Stanford, University of Miami, and the University of Colorado; government agencies like the State of Washington and City of Toronto; and over one hundred other companies and organizations) with dedicated private content networks, which allowed large transfers of data in what was supposed to be a secure way. Cybercriminals discovered vulnerabilities in Accellion’s system and were able to access the data. Accellion tried to fix the problem after the initial attack only to be attacked again months later. It was a frustrating set of circumstances that resulted in significant liabilities along with shaken patient and consumer trust in their data privacy.
Third-party cybersecurity risks should be an important consideration in any CIO’s strategy to protect data and combat cybercrime. With so many companies relying on different cloud-based vendors to meet their operating needs, CIOs must understand and prepare for the risks that come with using such third-party services.
Conclusion
Cybercrimes will only increase in scope, complexity, and economic costs as we move further into the digital era. And while cybercrime threats are troubling for any company, research from IBM and Ponemon Institute found that the faster a breach is contained, the better. Unfortunately, it takes an average of 206 days to identify a threat and an average of 73 days to contain it.
The problem of cybercrime for companies also isn’t merely limited to financial risks. There are a host of potentially devastating risks to companies that are unfortunate enough to be the successful target of a cybercriminal. Reputational, operational, and potentially legal and ethical implications can all be the horrific results of a data breach, from which some companies simply won’t recover.
It is paramount, then, for CIOs and CISOs to make policies and protocols that protect a company’s internal systems and to be cognizant of potential third-party vulnerabilities. CIOs and CISOs must be as vigilant as the hackers and threat actors who never give up.