As organizations try to ramp up their protective layers, cybercriminals are adapting to some of the defensive tactics that are being deployed. CrowdStrike, a US-based cybersecurity company, said in its 2022 Threat Report that, despite new approaches taken by law enforcement, it observed an 82% increase in ransomware-related data leaks in 2021 compared with the previous year.
The context for these developments is clear: the drive to digitally transform. In addition, there’s the increasing technical complexity of systems we depend on, combined with a jumble of legacy systems that present their own risks and vulnerabilities.
Crucially, as organizations leverage new technologies for their transformation – such as artificial intelligence, blockchain, and cloud computing – so do the cybercriminals. And cybercrime is big business. A data breach is a business transaction, so it should not surprise us that criminal gangs are not only better organized, but deploy business plans too.
So, what does this all mean? First of all, we need to recognize that we are swimming against the tide and so must get determinedly creative. Doing so will involve realizing that it’s not enough simply to protect your own perimeter if your partners or stakeholders are vulnerable.
But I believe it is also time to go further, and work together to ensure that a minimum level of cyber hygiene is achieved globally. We need to start collaborating and stop sweeping under the carpet the stigma associated with discussing breaches.
Many organizations still do not map the value enabled by their cybersecurity initiatives, viewing cyber as a cost center instead of business enabler. We also need to enable open discussions, learn from our mistakes, and learn from the mistakes of others. Only that way can we start to push back against the tide.