Cyber Security Crisis: An Origin Story

The 2020s are quickly being defined as a decade of globalism driven by digital connectivity, technological innovation and the questioning of socioeconomic norms that have persisted since the early 20th century. If the 1970s gave rise to the “me” generation, the 2020s can only be described as the “now” generation. Information at unprecedented scale is available at our fingertips – anywhere, anytime, in nearly any format. This has changed the expectations of the average consumer and the military-industrial complex alike. We communicate online, we work online, we wage war online.

In this new digitally connected age, data has become the world’s most valuable resource. Data means power. Those that hold it have the edge. This applies to individuals, businesses and governments alike. With data at such a premium, it’s no wonder a market for data theft has flourished – after all, it’s human nature. For every good deed, a bad deed lays in wait. 

The hacker represents the modern day boogie man – lurking out in the digital ether, unseen…but we know he’s there. It’s a delicate balance, especially at the corporate level. Companies play digital defense because they possess the data, whether it be financial, legal, personal or otherwise. Hackers innovate, finding new ways into corporate networks, devices and applications. This continuum has in turn created the cyber security market, where vendors strive to make a quick buck by plugging the latest hole in corporate infrastructure. But it’s been a losing battle thus far because security solutions that come to market are reactionary to problems their customers are already facing. The black hats have the element of surprise, and companies typically don’t know what hit them until it’s too late. 

This new digital dystopia is here to stay. And while it might make you want to shield your eyes like an episode of Black Mirror, the outlook for data protection and cyber security is not as bleak as it may seem. The first step to resolution (or general improvement), is to acknowledge that a cyber security crisis exists, and to identify our current challenges and shortcomings in order to pave a path forward.

Today, corporate networks are expanding and evolving in true Darwinistic fashion thanks to architectural advancements, new networking protocol standards, device proliferation, hybrid work policies…you could write a dissertation on this topic alone. The point is: the corporate network now extends to wherever authorized devices can connect to gain access to company resources.

More, More, More: Exacerbating the Cyber Security Crisis

All of this proprietary, confidential or merely sensitive data being accessed across these parts of the network is no longer safe behind your castle walls. The physical headquarters still exists, but it’s basically just a “fat” branch like any other satellite office or employee working from home. 

This complexity has driven cyber risks and costs to dangerous new heights. The number of significant cyberattacks globally is increasing and includes devastating ransomware attacks that are breaching even the most secure networks. But are we really surprised? Cyber defense (and offense) is the national security priority for every developed country on Earth. We’ll never know the global investment made into clandestine black hat innovation for the sole purpose of destabilizing the digital footprints of nations perceived to be threats. We may not want to. Ignorance here really can be bliss.

The Bad News

There were on average 270 attacks per company over the year, a 31% increase over 2020. Third-party risk continues to dominate: successful breaches to the organization through the supply chain have increased from 44% to 61%. (Accenture)

As they’ve adopted these new extortion approaches, ransomware gangs have become greedier. The average ransom demand was $5.3 million. That’s up 518% from the 2020 average of $847,000. (Palo Alto)

32% of organizations say security is not part of the cloud discussion from the outset and they’re trying to catch up. Reasons preventing take-up of the cloud revolve around security issues: about one-third of all respondents say poor governance and compliance is a problem, that cloud security is too complex and that they do not have the internal skills to structure a proper cloud security framework. (Accenture)

The Good News

82% of IT executives say their budgets have increased in the last year. IT security budgets are now up to 15% of all IT spending, 5 percentage points higher than reported in 2020. (Accenture)

49% of IT executives said their top security priority is the protection of sensitive data. (IDG)

The global median dwell time – the duration between the start of a security intrusion and when it’s identified – has dropped to below a month for the first time, standing at 24 days in 2021. That means incidents are being identified twice as quickly as they were year-over-year. (ZDNet)