The world is changing dramatically, partially fueled by the COVID-19 pandemic that forced every organization to accelerate its digital transformation. As we rapidly digitize infrastructures, adopt artificial intelligence (AI), and expand the Internet of Things (IoT), we should reimagine how we organize to defend against the cyber threats each new technology brings. Below are some of the cybersecurity trends that Niloofar Razi Howe highlighted in her testimony to keep in mind when rethinking how we defend against cyber threats.
Ransomware attacks are one of the fastest-growing and most damaging cyber threats to organizations. With the disruption and ransomware costs, these attacks are estimated to cost between $40 billion and $170 billion globally. As many as 100 million ransomware cases have been observed over the last four years alone. The sophistication of bad actors’ techniques is increasing while they demand higher and higher ransoms over time with little fear of any consequences.
Phishing attacks continue to be the top attack vector seen by our analysts. The number of reported incidents increased from first quarter to fourth quarter showing that more attackers are getting around tools. 33% of tickets from Q1 were created because of phishing attacks. Threat actors are getting smarter with their phishing techniques, and with more attacks, there are more opportunities for end-users to accidentally click the wrong link.
IoT devices are another threat as security features are almost nonexistent in their design due to regulations and liability being rare. Most IoT devices have known vulnerabilities and have already become a key component of adversary attack tactics like botnets. Cybersecurity is essential as IoT device adoption grows in many business applications including manufacturing, agriculture, healthcare, power grids, and transportation.
AI adoption is increasing across industries, from finance, manufacturing, pharma, and healthcare to applications such as cybersecurity. AI modeling is dependent on the integrity of data used in training its systems, and it’s important to protect that data from compromise and manipulation.
While eliminating the threat of cyberattacks is almost impossible, there are actions we can take over time that can restore deterrence and lead to greater resilience. The issue is not when we suffer cyberattacks but how quickly we can react and recover from these attacks.