New reports affirm cybersecurity war is not being won
Despite the best efforts by technology experts, the cybersecurity war continues to rage and digital miscreants still have the upper hand in their assaults on corporate, government and individual targets.
Two newly published reports detail how the cybersecurity threat continues to get worse.
The “State of Cyber security Report 2020” published by Wipro Ltd., the Indian-headquartered information technology, consulting and business process services provider, incorporated data from more than 190 corporations in 35 countries. This report noted that a flood of new considerations created in 2020 ”” including the massive shift to remote work, a greater dependency on third-party and cloud providers, a higher leverage in digital tools for workplace collaborations and an increase in bring-your-own-device situations ”” heightened existing cybersecurity threats and created new ones.
“In the last six months, the cybersecurity landscape has evolved considerably,” said Bhanumurthy B.M., president and chief operating officer at Wipro. “We have come some way since the Covid-19 pandemic breakout. What started as a medical crisis and transformed into an economic and social crisis is being used by threat actors for targeted campaigns.
“Global trade wars are taking shape and could lead to cyber espionage,” he added. “Stringent data privacy regulations and rising cybersecurity concerns in boardrooms are bringing more focus and accountability on executive management.”
The Wipro report noted that phishing campaigns related to Covid-19 increased during the first two quarters of 2020 as the health crisis intensified.
Some industries experienced greater cyberthreats last year, with Wipro identifying increased attacks by state-sponsored attacks on the pharmaceutical sector, presumably to gain insight on vaccine developments, as well as the manufacturing, energy, natural resources and utility sectors.
The health care sector saw increased activity in electronic medical records-related breaches and ransomware attacks.
Wipro identified China, Iran, Russia and North Korea as the leading state-sponsored sources of cyber-based criminal activity last year. However, the report also acknowledged that “a significant number of attacks have an unknown source. Unlike a battlefield, where combatants are visible and identifiable, attribution in the cyber realm sometimes requires painstaking efforts over time.”
Wipro observed that the pandemic sparked a dramatic increase in the use of cloud services during 2020, but the report pointed out the cloud is not impenetrable to cyberassaults.
“Cloud adoption, digital transformation initiatives and hyper-automation are expected to accelerate in the post-Covid-19 world,” the report stated, adding that “rapid migrations of enterprise services to the cloud need a secure foundation.
“Our survey responses align to this school of thought: 87% of respondents plan to scale up secure cloud migration, 89% plan to increase security-as-a-service consumption and 94% plan to embrace secure digital transformation initiatives.”
Looking forward into 2021, the report found most information technology experts considered email phishing to be the biggest cyber risk right now, followed by a lack of security awareness or employee negligence and ransomware attacks.
Another cybersecurity report, LexisNexis Risk Solutions”™ “Fraud Trends to Watch in 2021,” focused on the U.S. and Canada markets, but found more than enough digital mayhem with a new hacker attack occurring every 39 seconds.
Mobile devices have become particularly vulnerable to cyberthreats with a 48% year-over-year increase in fraud attacks aimed at these devices.
LexisNexis also detailed that 45% of Americans had their personal data compromised by hackers over the past five years, with online account takeovers up 72% year over year and one in seven new accounts created online were fraudulent.
But mitigating this situation continues to baffle the experts. LexisNexis highlighted Federal Reserve data that found up to 95% of applicants who were identified as potential synthetic identities managed to elude flagging by traditional fraud models.
“Businesses can no longer use a check-the-box, incremental approach towards addressing these challenges and trends one at a time because fraud always evolves,” said Kimberly Sutherland, vice president, fraud and identity management strategy at LexisNexis Risk Solutions.
“These factors feed on each other and require an integrated and holistic approach to detecting, assessing and mitigating fraud risks moving forward. 2021 will likely be another challenging year for the world in many ways, but organizations can and should make sure they take a comprehensive view of their customers so that they can effectively fight fraud.”