How the black market puts businesses in the red


Organisations are struggling to keep pace with cybercriminals' tactics. Traditional IT methods are no longer effective, and firms often lack the expertise and resources to combat the rapidly evolving threat landscape. The business bottom line is at risk.

Data has become one of the most valuable assets a company can have. Ensuring qualified, trusted professionals are in place to protect this data has become paramount. Many executives cite cybersecurity as the big issue impacting their business today, yet they recognise that their operations are insufficiently prepared for a major attack. Now is the time to rethink the security strategy and prioritise what matters – securing applications and sensitive data.

Are you hidden on the black market?

Performance, pace, and profitability drive businesses today. Money, maliciousness, and black markets motivate hackers and are the economic drivers behind their activities. The business of cybercrime is fuelled by money-making scams, which are focused on acquiring both companies' and customers' data. Distributed Denial of Service (DDoS) techniques are used to bring down operations and disable company services, which prevents companies from functioning and denies services to customers. With every click there may be a cyber trick. Phishing e-mails are typically used to fool users into clicking links that divert them to a bogus website, which could download a virus and maliciously infiltrate computer systems to acquire data.

The financial implications can be enormous in lost business and, crucially, the loss of reputation.

Your personal details are valuable currency if placed in the wrong hands. Cybercriminals are erroneous entrepreneurs that do not play by the rules. The Microsoft Secure Blog recently reported that the World Economic Forum estimated the economic cost of cybercrime to be $3 trillion worldwide. That's big bucks for big data, and companies of all sizes, across the finance, retail, technology, utilities and energy sectors, are typical hacker targets.

In recent times, companies have been brought to a standstill due to sophisticated attacks. There are many examples where systems have easily been infected with malware, such as Cryptowall, due to careless clicking. Software and data across the enterprise can be affected, ranging from accounting software and customer account files to social security numbers and other sensitive customer information. The attacker then makes a ransom demand for money in exchange for a decryption key. Small organisations may not be able to afford to rebuild their network systems, and operational downtime can cause their business doors to close because they have no access to critical systems, sales data, and cash flow.

According to the Ponemon Institute, the average price for small businesses to clean up after their businesses have been hacked stands at $690,000; and, for middle market companies, it is over $1 million.

Rethink the strategy

Interestingly, many industry leaders have identified that prevention and preparation are vital to safeguarding operational efficiency. Back in 2015, Ginni Rometty, Chairman, President, and CEO of IBM, stated, “Cybercrime is the greatest threat to every company in the world.”

If there is a way for cybercriminals to earn from nefarious activities, the onslaught of attacks will only continue and, more importantly, escalate to a greater level in the future. Unfortunately, many enterprises are insufficiently agile to adapt their security policy and business strategy to fend off threats. In addition, many believe that there is no choice but to pay hackers following a ransomware attack carried out with tools and techniques gained from the dark web.

Now is the time to rethink the strategy. Executives need to implement a change in digital culture throughout the organisation. Do not pay ransomware demands. Even though data may be released upon payment, the likelihood is that hackers will continue to target the operation. One hit does not mean they’ll quit.

Investment in systems and processes can, and will, make an enormous difference in mitigating an increasing threat landscape. Every IT worker, every member of operations staff, and every employee must work to a common cyber policy and ensure that they adopt best practice with regard to data management.

Apps are the gateway to your data. Therefore, by fortifying security strategies with solutions and services focused specifically on the application, organisations will protect the ones that expose sensitive data, wherever they live, whether in the data centre, public or private cloud or containers. Look for solutions centred on protection, and visibility into encrypted traffic. With greater control over access management and user behaviour, it is much easier to reduce the risks of app attacks.

Think app first

Black market criminal activity has forced many firms into the red. Dollars are draining away from businesses due to growing cybercrime. Analysts predict that the damage is due to hit $6 trillion annually by 2021, according to Cybersecurity Ventures. Businesses today must remain secure and compliant, especially in line with the EU’s GDPR initiative, which can enforce major fines for not being able to prove that sufficient measures have been put in place to protect customer data. It’s important for businesses to consider how they can benefit from the associated customer trust that follows compliance too. As customers become more data savvy following GDPR awareness campaigns, organisations need to demonstrate why they are the best custodians of customer data, with security and transparency now key attributes for customer service.

Many businesses are becoming more reliant on public and private cloud services to drive innovation. It is important to note that you cannot be solely reliant on native app security from providers, such as AWS and Azure, because they clearly state within their shared responsibility models that they are not responsible for application-level controls. The bottom line is that cybercriminals see this as a new playground to target apps. Now is the time to prevent data loss and ensure compliance with deeper threat intelligence and visibility. When hackers see that your business takes security seriously, they will almost certainly look elsewhere. When attacks come out of the blue, make sure you think app security first to keep your business in the black.

David Maclean, Systems Engineer, F5 Networks