According to the 2013 Europol Serious & Organized Crime Threat Assessment, the "Total Global Impact of CyberCrime" had risen to US $3 trillion, "making it more profitable than the global trade in marijuana, cocaine and heroin combined."
Cybercrime is growing exponentially and will continue to grow. Here is why: in the early days of cybercrime, you needed to be an expert in technology to be a cybercriminal. It took a lot of knowledge and time, so only the most lucrative companies were targeted.
Today there is a mature marketplace on the dark web where anyone with $20 can rent access to 1,000 already compromised computers, then buy ready-made ransomware: a program that encrypts the victim's files and holds them for ransom until the user pays to unlock them, while at the same time scraping the computer for personal information. The computer is held hostage until the user pays or ultimately loses all their data. The ransom itself pales in comparison to what the criminal has also collected: full details for 3 credit cards worth about $30 each and 10 online payment service logins worth about $20 each, a total of $290 from just one compromised computer.
Now think of the damage they can cause if they infect a company computer. They could get access to 100 driver's licenses worth $20 each, or far more sensitive information, and sell it on the dark web to the highest bidder.
Today, cyberattacks can be launched by anyone regardless of expertise. Targets have changed from the largest companies to anyone and everyone, especially small to midsize businesses that hold a lot of data and have weak security.
Most business leaders feel that their IT is reactive: the team is overwhelmed with keeping the day-to-day running. This leaves little or no time to guide the company's IT strategy and drive efficiency, and no time to really secure the IT environment. So what does it mean to be really secure?
Being really secure goes beyond having a firewall that actively detects and prevents intrusions, installing vendor security patches, filtering spam, blocking malicious sites, running security awareness training, and requiring complex passwords. These are the basics.
To really be secure means that you have implemented the policies and procedures required by one of the recognized cybersecurity frameworks. For example, NIST SP 800-171, which federal agencies require of contractors that handle Controlled Unclassified Information, specifies 110 security requirements that must be in place and regularly reviewed to be considered compliant. The CIS Controls from the Center for Internet Security organize their requirements into 20 top-level controls and roughly 170 sub-controls (version 7). The FFIEC Cybersecurity Assessment Tool is another such framework. Proactive managed IT service providers have the experience and skill set to help you implement and maintain such controls. In fact, a managed IT service provider that cannot provide third-party proof that it has implemented and follows such controls really cannot secure your business, because it is not secure itself.
With the exponential growth in cybercrime and the growing reliance on technology in the day-to-day processes of small to midsize companies, more needs to be done to protect our data. Many believe artificial intelligence holds part of the answer.
AI applied to large volumes of security telemetry can identify malicious patterns and make the connection when suspicious activity occurs across multiple systems, where each system on its own looks normal. In this way, such tools can block an attack before it gains a foothold. Proactive managed IT service providers are already using solutions that leverage big data and AI to provide their clients these benefits.
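The value of looking across systems rather than at one host at a time is easier to see with a concrete example. The following is an added illustration, not code from the original article or from any vendor it describes, and it uses plain rule-based correlation rather than machine learning: the sample log lines are constructed, the field names (host, src, user, result) are assumed, and the thresholds (5 failures per host, 3 distinct hosts in 2 minutes) are arbitrary. A single source tries a few logins on each of several hosts, staying under any per-host lockout threshold, and finally succeeds; the per-host view raises nothing, while the fleet-wide view does.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample events (not from the original page). One source, 203.0.113.7,
# tries two or three logins on each of three hosts and finally succeeds on fs01.
SAMPLE_EVENTS = [
    "2024-03-01T09:00:01 host=web01 src=203.0.113.7 user=admin result=fail",
    "2024-03-01T09:00:03 host=web01 src=203.0.113.7 user=admin result=fail",
    "2024-03-01T09:00:10 host=mail01 src=203.0.113.7 user=admin result=fail",
    "2024-03-01T09:00:15 host=mail01 src=203.0.113.7 user=root result=fail",
    "2024-03-01T09:00:20 host=fs01 src=203.0.113.7 user=admin result=fail",
    "2024-03-01T09:00:25 host=fs01 src=203.0.113.7 user=admin result=success",
    "2024-03-01T09:05:00 host=web01 src=198.51.100.4 user=alice result=fail",
    "2024-03-01T09:05:02 host=web01 src=198.51.100.4 user=alice result=success",
]


def parse_event(line):
    """Parse one 'timestamp key=value ...' line into a dict (assumed log format)."""
    ts, *fields = line.split()
    ev = dict(f.split("=", 1) for f in fields)
    ev["ts"] = datetime.fromisoformat(ts)
    return ev


def per_host_alerts(events, threshold=5):
    """Single-system view: alert only when one host sees >= threshold failures
    from one source. Low-and-slow spraying across hosts never trips this."""
    counts = defaultdict(int)
    for ev in events:
        if ev["result"] == "fail":
            counts[(ev["host"], ev["src"])] += 1
    return sorted(k for k, n in counts.items() if n >= threshold)


def cross_host_alerts(events, window=timedelta(minutes=2), min_hosts=3):
    """Fleet-wide view: alert when one source fails logins on >= min_hosts
    distinct hosts inside `window`, and note whether a success followed
    (a failed spray that then succeeds is the case worth paging on)."""
    by_src = defaultdict(list)
    for ev in sorted(events, key=lambda e: e["ts"]):
        by_src[ev["src"]].append(ev)

    alerts = []
    for src, evs in by_src.items():
        fails = [e for e in evs if e["result"] == "fail"]
        for i, first in enumerate(fails):
            in_window = [e for e in fails[i:] if e["ts"] - first["ts"] <= window]
            hosts = {e["host"] for e in in_window}
            if len(hosts) >= min_hosts:
                success_after = any(
                    e["result"] == "success" and e["ts"] >= first["ts"] for e in evs
                )
                alerts.append({"src": src, "hosts": sorted(hosts), "success_after": success_after})
                break  # one alert per source is enough
    return alerts


if __name__ == "__main__":
    events = [parse_event(line) for line in SAMPLE_EVENTS]
    print("per-host alerts:", per_host_alerts(events))      # nothing fires
    print("cross-host alerts:", cross_host_alerts(events))  # 203.0.113.7 on three hosts, then a success
```

In a real environment the events would come from a central log collector or SIEM rather than an inline list, and the thresholds would be tuned to the fleet; the point is that the interesting signal exists only once logs from every system are in one place.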
The other part of the answer is regulation. Given the tremendous gap in proactive IT leadership, most businesses unfortunately are not taking the prudent steps needed to secure their companies. FFIEC guidance has been in place for financial institutions to follow for some time. More recently, manufacturers and other contractors in the supply chain of the DoD, the General Services Administration (GSA), NASA, or other federal or state agencies have been required to implement the security requirements in NIST SP 800-171.
Another recent regulation, GDPR, affects any company, inside or outside the European Union, that holds personal data of people in the EU. GDPR takes a slightly different approach in that it focuses on ensuring the secure handling of personal information by a business.