When Warren Buffett suggested that cyber attacks were the ‘number one problem with mankind’ during Berkshire Hathaway’s annual shareholders’ meeting in May last year, he raised a valid point. His logic was that nuclear warfare was less likely than biological and cyber warfare.
The numbers make for stark reading. According to the 2016 Cybercrime Report from Cybersecurity Ventures, cybercrime is set to cost the world in excess of $6 trillion within three years, which according to some suggestions now makes it more profitable than the global trade of all major illegal drugs combined.
Indeed, it’s a fair assumption that we’ve reached a tipping point in the battle against cybercriminals, as firms continue to fight what now feels like a never-ending battle against those that would seek to breach the perimeter and cause chaos within the corporate network. Almost every day we’re exposed to new narratives in the cat and mouse game of IT security as firms strive to keep one step ahead of hackers and those attempting to disrupt the business.
Over the past twelve months we’ve been witness to a spate of new attacks from cybercriminals that have attempted to pierce the over-stretched resources of IT, with ransomware in particular coming to the fore.
Names such as WannaCry, Petya and NotPetya have become all too familiar as those within the enterprise and public sector suffered business disruption at the hands of cybercriminals and ransomware – where computer data is hijacked and a fee demanded.
When WannaCry struck, disruption was wide and swift. According to NHS England, more than 81 NHS trusts were affected, with some even turning off devices and shutting down computers as a precaution. With a further 603 primary care organisations also reporting disruption, there were said to have been nearly 20,000 cancelled appointments, with 600 GP surgeries returning to pen and paper and five hospitals simply diverting ambulances as they were unable to handle any more emergency cases.
Although that ransomware attack was stopped within a matter of days, reports suggested more than 300,000 computers across 150 countries had been affected. WannaCry was also significant in being the first ‘ransomworm’ the world had seen – a self-replicating piece of malware that bounces from computer to computer in much the same way that diseases in the real world do, feeding and growing off the best connected computers.
Indeed, WannaCry was seen as a necessary wake-up call in many respects, particularly when experts revealed the number of ‘unpatched’ IT systems stood somewhere in the region of 40m. That degree of carelessness and cyber criminals upping the ante are just two reasons that the frequency of these attacks is set to increase to one every 14 seconds in 2019 if figures from Cybersecurity Ventures are to be believed.
Although this represents just one aspect of policing the perimeter, it really does put into perspective just how much firms have to think about when it comes to securing the business today, and that’s before considering how you manage and police mobile devices and IT assets. After all, it’s not just those on the outside you need to consider.
This is forcing businesses to strategically look at and reconsider their approach to IT security with a fresh pair of eyes. Factor in impending regulations such as the upcoming General Data Protection Regulation (GDPR) – the EU’s attempt to drive better standards of cybersecurity to provide increased protection for the data of EU citizens being handled by firms – and most have their hands more than full. It can all appear very daunting even to the most seasoned of professionals and is certainly one reason many firms are now looking to trusted partners for help and in some cases secure outsourced solutions.
Imagine, for instance, being able to forget about certain elements of this by using secure encryption and modular services that protect your devices before they even boot up? What about encrypting both these and hard disks right down to individual folders and segments of data? Wouldn’t it also be wonderful if you could do this via a centralised management system that ensures seamless integration with existing IT infrastructure and meets the FIPS 140-2 security standard for full disk encryption; a certified mark of quality expected by security experts the world over? Imagine being able to produce a report at the click of a button, demonstrating your organisation’s compliance with the GDPR.
It’s actually easier than you think and, with the correct encryption solutions deployed across the business, you can deliver measurable improvements to your bottom line whilst at the same time being able to reassure customers that you are taking the correct precautions when it comes to customer data and compliance.
Need help with securing your data and the GDPR?
CIS recognises that security and compliance can be difficult to understand. To help with any confusion and issues we offer modular support services that are available 9-5 and with emergency support 24/7. We take data security very seriously and our secure encryption keys are held within an ISO27001 certified military-grade data centre.
For further information on this or the GDPR please contact Gareth Johnson.