The Facebook–Cambridge Analytica data scandal of early 2018, saw a breach of 87 million user records. An app scraped millions of people’s data, and the Cambridge Analytica Company was able to gain access to personal data of Facebook users.
Similarly, Quora, the popular question-answer website and Marriot also reported of data breaches involving information compromise, affecting about 100 million users and 500 million hotel guests, respectively.
Numerous data breaches occurred in 2018 and the rate of occurrence is getting higher each year.
The cyberthreat landscape continues to become more dangerous in the world that is highly connected by technology today. Cybercriminals of digital world are more organized, smart, and potent. Thus, cyberattacks have become a major industry worldwide, worth trillions of dollars.
Nevertheless, forewarned is forearmed. To fortify a business, the best solution is to essentially understand the tendencies and trends that malefactors have been following and adopt best practices of cybersecurity.
The recent Microsoft commissioned Frost & Sullivan study revealed that “potential economic loss across Asia Pacific due to cybersecurity breaches can hit a staggering US$1.745 trillion — more than 7% of the region’s total GDP of US$24.33 trillion”.
Focused on the state of cybersecurity in Asia Pacific, this study reveals some alarming facts about cybersecurity threat landscape in India too.
It states that in India, cybersecurity threats can cost large organizations an average of US$10.3 million and a mid-sized organization an average of $11,000 annually.
The new commissioned study further reveals that more than three in five organizations (62%) surveyed in India have either experienced a cybersecurity incident (30%) or are not sure if they had one as they have not performed proper forensics or data breach assessment (32%).
Large number of organizations do not conduct routine cybersecurity assessments or reviews to find out whether they have been victims of cyber security breaches.
So, if IT departments are not routinely checking whether their systems have been infiltrated or not, then they are putting their companies at a great risk. Knowing your system breaches can allow you to assess and exploit the weaknesses, fix them and evaluate the damages.
Key takeaways from Microsoft commissioned Frost & Sullivan study
1. Cybersecurity concerns delay Digital Transformation plans
59% enterprises have put off their digital transformation efforts due to the fear of cyber-risks.
In this digital transformation era, securing corporate data and managing risks is the top most priority for the business decision makers and IT leaders, while taking advantage of the opportunities presented by today’s mobile-first, cloud-first world.
Report states that cyber security breaches result in significant losses like financial loss, damage to customer satisfaction and market reputation, for organizations. Thus, these incidents undermine the ability of Indian businesses to capture opportunities of digital economy.
Keshav Dhakad, Group Head & Assistant General Counsel, Corporate, External & Legal Affairs (CELA), Microsoft India said “As companies embrace the opportunities presented by cloud and mobile computing to connect with customers and optimize operations, they take on new risks. With traditional IT boundaries disappearing the adversaries now have many new targets to attack. Companies face the risk of significant financial loss, damage to customer satisfaction and market reputation—as is evident from high-profile breaches this year.”
2. Remote code execution, data exfiltration, multiple security tools and complex environment are the key concerns of organizations witnessing cybersecurity incidents
The study also reveals the key cyberthreats and gaps in Indian organizations’ cybersecurity strategies. It states that organizations in India which encounter cybersecurity incidents, face threats with slowest recovery time like remote code execution and data exfiltration.
A large number of cybersecurity tools and a complex environment also add to the turnaround time. So, organizations should avoid deploying a large portfolio of cybersecurity solutions to render stronger protection.
Survey revealed “24% of respondents with more than 26 to 50 cybersecurity solutions could recover from cyberattacks within an hour. In contrast, 32% of respondents with fewer than 10 cybersecurity solutions responded that they can recover from cyberattacks within an hour”
3. Cybersecurity is an afterthought for most of the organizations
37% businesses don’t consider cybersecurity strategy as a strategic business enabler rather they consider it as a “safeguard” against cyberattacks. Only 18% see cybersecurity as a digital transformation enabler.
Only few organizations consider cybersecurity while initiating any digital transformation project, rest either think about it only after they start on or do not consider it at all. This leads to insecure products going out into the market.
Three kinds of losses that could result from a cybersecurity breach
- Direct Losses include financial losses associated with the incident such as loss of productivity, fines, remediation cost etc.
- Indirectlosses include opportunity costs such as loss of customers and reputation.
- Induced losses include impacts on the broader ecosystem and economy, such as loss of jobs, the decrease in consumer and enterprise spending. As per study 64% organizations have suffered job losses due to Cybersecurity attacks, over the last year.
4. Artificial Intelligence (AI) will act as a key equalizing factor in cybersecurity defense
92% of Indian organizations who were surveyed are looking to leverage Artificial Intelligence to boost their cybersecurity strategy.
Study also reveals that 22% of Indian organizations have already witnessed benefits of using AI to achieve faster and more accurate detection of threats.
AI’s ability to detect and act on attack vectors is based on data insights, so organizations using AI are equipped with predictive abilities that will help them to rapidly analyze and respond to unprecedented quantities of data and match the speed of cyberattacks’ frequency, scale and sophistication. They will be able to fix or strengthen their security posture prior to problems emerge. Also, they will be able to identify cyberattacks, remove persistent threats and fix bugs.
5 best practices to improve defense against cybersecurity threats
It is always better to find a problem early and address it quickly.
“The ever-changing threat environment is challenging, but there are ways to be more effective using the right blend of modern technology, strategy, and expertise. Microsoft is empowering businesses in India to take advantage of digital transformation by enabling them to embrace the technology that’s available to them, through its secure platform of products and services, combined with unique intelligence and broad industry partnerships.” – Mr. Dhakad
The Frost & Sullivan report recommends a set of key practices for organizations to improve their cyber threats defense.
- Consider cybersecurity as a digital transformation enabler:Establish a connection between digital transformation efforts and your cybersecurity practices as cybersecurity is a necessary to keep the company safe through its digital transformation journey, whereas digital transformation provides an opportunity for cybersecurity practices to embrace new methods of addressing digital risks.
- Invest in strengthening your security fundamentals – toolsets, training and policies: Maintain strong passwords, keep device operating systems and software and anti-malware protection updated and use multi-factor authentication conditionally against suspicious authentications.
Over 90% of cyber incidents can be averted by maintaining the most basic best practices.
- Leverage well- integrated best-of-suite tools instead of using maximum: Prioritize your best suite of tools, reduce their number and make your security operations simple to help your employees do their best with the available tools.
- Assess and review compliance continuously:Maintain continuous state of compliance. Conduct assessments and reviews regularly to test for potential gaps that may occur during the transformation of organization and address these gaps. Keep tab on compliance to industry regulations and progress of organization against security best practices.
- Leverage AI and automation to increase capabilities and capacity: Organizations should look to automation and AI to improve the capabilities and capacity of their security operations. It will help them to –
- Raise detections that would otherwise be missed.
- Interpret the various data signals with the recommended actions.
- Free up cybersecurity talents to focus on higher-level activities.
So, it’s time for your IT checkup – follow the trends like cybercriminals do, conduct regular cybersecurity assessments, focus on cyber hygiene and ensure strong security fundamentals. Either take cybersecurity action yourself or leave it to somebody else to do it for you.
Do remember, it is you who leave open your devices or systems to vulnerabilities. These threats are manageable, but it is up to you to do your part.
Feel free to share your feedback in comments.