Ransomware and cryptojacking are just two examples of threats that businesses must be prepared to address now and into 2020. A ransomware attack is generally a single event in which hackers invade a user’s machine to lock up data or systems and demand money to release them. In cryptojacking, hackers implant malicious software on web pages and set it to activate through a user’s browser when he visits the page. The software then hijacks computing power from the user’s machine to mine the internet for cryptocurrencies. The theft of computing resources occurs whenever anyone arrives at the corrupted web page.
Consider the state of cybersecurity today and into 2020 and beyond:
- 50% of companies report that they are not adequately prepared for a ransomware attack (Cisco)
- More than 4,000 ransomware attacks occur daily, with an average demand of $1,077 (Cisco)
- In 2019 a new organization falls victim to a ransomware attack every 14 seconds; increasing to every 11 seconds by 2021 (Cisco)
- 53% of all reported malicious attacks were tied to credential phishing (Cisco)
- Hackers are targeting cloud servers for crypto-mining schemes (Cisco)
- The average company had an estimated 1,440 cybersecurity vulnerabilities in its technology systems in 2018, up 4% from 1,380 the year before (IBM)
- Number of crypto-jacking attacks doubled that of ransomware last year (IBM)
Cyber defense capabilities must work like a digital antibody – intelligently generating an autonomous and a measured, proportioned response, when a threatening incident arises. Businesses need to contain an incident as it happens. Organizations must establish a “pattern of life” for components such as devices, users, network, and containers – baseline behaviors of all such components must be known. This then enables the organization to detect emerging anomalies. The cyber defense technologies implemented must be self-learning and adaptive.
All businesses today are digital businesses. Disruption to digital assets, is a disruption to the business. Due to advances in technology, attackers can execute highly targeted, automated attacks. Businesses need to assess cybersecurity solutions that implement a combination of artificial intelligence and machine learning – away from static, signature-based solutions.
Prepare for 2020 threats now with a cyber defense that is active and autonomous. Complimentary: Discuss 2020 compliance mandates and how to leverage frameworks such the NIST CsF and HITRUST to establish a credible cyber defense program – with Ali Pabrai, at Ali.Pabrai@ecfirst.com.
Date: March 26, 2019