Cybersecurity is undoubtedly one of the most pressing topics on the business agenda. The number of malicious attacks is constantly growing, driven by the digitalization of operations. According to the IMF, it doubled since the pandemic. In 2023, the number of data breaches increased by 20 percent compared to 2022.
All these attacks can compromise sensitive information of both companies and their clients, halt business operations and result in significant financial losses for entities. According to an IBM report, the average cost of a data breach for a venture was $4.45 million in 2023. This is an all-time high, representing a 2.3 percent increase from last year and a 15 percent increase from 2020. Some companies experience an even heavier financial burden. For instance, US credit reporting agency Equifax paid more than $1 billion in penalties after a major data breach in 2017 that affected about 150 million consumers.
Moreover, malicious activities not only cause immediate financial losses for companies but also affect their performance in the long run. One significant consequence is that they undermine a company's reputation. This, in turn, can decrease a firm’s chances for future funding or compromise its client base growth. Additionally, organizations often have to patch a breach at a significant cost. For instance, one of the leading global marketplaces for in-game goods lost 11 million dollars worth of goods. This incident altered its revenue increase and repelled a significant portion of its audience. That happened as the company had to stop operations and strengthen the security of the platform.
Chief Business Officer at Qrator Labs.
Two forces
In an attempt to prevent these issues, businesses try to put increasingly sophisticated barriers in place for potential hackers. This is evident from the amount of spending on various cybersecurity tools. According to recent data, in 2023, it reached around $80 billion. In comparison, the total spending was $71.1 billion in 2022. Moreover, the number is expected to account for $87 billion this year.
Companies invest in a wide array of solutions, including advanced encryption, multi-factor authentication, and real-time threat detection systems. But here is when the ironic problem arises: with every advancement in cybersecurity, malicious actors innovate and escalate their tactics. They analyze technologies deployed by entities to protect their assets and find weak spots to breach protection.
For instance, the rise of quantum computing holds promise for stronger encryption methods. Yet, it also poses a potential threat, as cybercriminals may harness quantum capabilities to break current encryption standards. Similarly, multi-cloud architecture while offering increased risk resilience by spreading data across multiple platforms, also presents an expanded attack surface. The broader network perimeter introduces more points of vulnerability. No surprise that according to Microsoft, securing all cloud-native applications and infrastructure throughout their lifecycle is a challenge for many businesses. Their report shows that in 2023, the average organization had 351 exploitable attack paths that threat actors could use to access high-value assets.
This cat-and-mouse game, however, is evident among larger companies. What we see as another growing trend is that while big firms are increasing layers of protection, hackers are increasingly shifting their focus to small and medium enterprises. The latter usually have fewer resources to invest in cybersecurity. That makes them an easy target for malicious actors. As of 2023, 31% of small and medium-sized companies experienced a cybersecurity breach in the past 12 months alone.
Another paradox is that those malicious organizations are usually small-scale entities themselves, contrary to popular belief. Therefore, these so-called private sector offensive actors often have limited resources, compared to those of Microsoft or any other large firm. They, however, do not really need big budgets, because searching for vulnerabilities in a software is a much less complicated and cheaper process than creating it. Think of it this way: it is much easier to check 30 homeworks for a single teacher than to prepare the same amount of papers from scratch by one student. While there is no doubt that big malicious actors are indeed present in the field, their real influence on cybersecurity is much less than the impact of thousands or even tens of thousands of independent hackers.
Continuing journey
Given this paradox, businesses must adopt a holistic and proactive approach to cybersecurity. Organizations should invest in comprehensive security frameworks that encompass prevention, detection, and rapid response to any suspicious activities.
Employee training is also paramount. Human error remains one of the weakest links in cybersecurity. In fact, 95 percent of modern cybersecurity breaches are caused by people’s mistakes, such as setting weak passwords. Moreover, only one-third of breaches identified in 2023 were detected by a company’s own security team. This means that organizations must train their employees to recognize and respond to potential threats, which will help reduce the number of successful attacks.
Furthermore, collaboration is key. Public and private sectors must work together to share intelligence and develop unified strategies to combat cyber threats. Information sharing can lead to more robust defenses and a collective understanding of emerging threats.
It is important that all of this be done continuously. Companies must regularly monitor the cybersecurity field, adapt, and modernize—or even radically change—solutions, doing so faster than malicious actors. Slightly paraphrasing the famous words of cybersecurity expert Bruce Schneier, security is a process, not a one-time product.
We've listed the best patch management software.
This article was produced as part of TechRadarPro's Expert Insights channel where we feature the best and brightest minds in the technology industry today. The views expressed here are those of the author and are not necessarily those of TechRadarPro or Future plc. If you are interested in contributing find out more here: https://www.techradar.com/news/submit-your-story-to-techradar-pro
