The following cybersecurity trends article contains the combined advice of four New Zealand-based cybersecurity experts. They recently came together for the NSP Cyber Security Roundtable.
To join future roundtables and business security talks, contact events@nsp.co.nz
Here are the new emerging cyber security trends covered in this article,
- The Business Costs of Cybercrime are increasing
- The Earnings of Cybercriminals are increasing
- Business Cyber Security is changing from Product-first to Business Journey
- There’s a growing skills gap in Cyber Security
- Corporate Boards are taking Cyber Risk More Seriously
- More attacks are coming through Connected Devices
- The average time to detect a breach is getting longer
- Automation and always-on continuous scanning is on the rise
- Human networks and partner businesses are important
You can also find out about,
Who can New Zealand Businesses Ask About Cyber Security Issues?
Cyber Security Trend 1: The Business Costs of Cybercrime are increasing
Two years ago, the cost of cybercrime was about $6.9 billion worldwide. Today, the cost of cybercrime is forecast to be around $6-10 trillion by 2025.
COVID has had a direct impact on the way we work. Employees work from home, data resides in multiple locations, and we operate at pace.
Organisational attack surfaces are continually changing, and the speed of change is faster than ever.
Collaboration advancements prompted by the pandemic have occurred in condensed timeframes, resulting in larger attack surfaces and greater exposure to threats.
Read: 10 Warning Signs of an Imminent Cyber Attack
Cyber Security Trend 2: The Earnings of Cybercriminals are increasing
What drives cybercrime? Put bluntly; it’s a lucrative business in which a plain black hacker can earn around USD 90,000 a month. That’s over a million dollars a year.
Subsequently, motivated cyber criminals are increasing the speed with which they attack.
As Microsoft patches are released and rmware updates get applied to endpoints and rewalls, cybercriminals are hard at work, often taking less than two hours to reverse engineer those patches and updates. As a result, business networks are under constant threat.
Cyber Security Trend 3: Business Cyber Security is changing from Product-first to Business Journey
Business security is not about products. It is about plotting a journey that will get your organisation to a safe state in a way that supports your business objectives. You need to build a cyber security culture.
So it’s certainly not just an IT Managers’ role. Instead, it needs to be a management-wide exercise focusing on the risk profile and how the business can best mitigate the risk given its investment capability and need for ROI.
Leaders must decide – through a risk management process – which to accept, which to transfer, which to mitigate, and which to manage. Having a well-laid plan will be critical to security success.
The IT Manager can then work to support this strategy by engaging the necessary security expertise and by implementing security mechanisms.
Read: Cyber Security Questions from New Zealand Businesses: 4 Security Experts Answer Your Questions
Cyber Security Trend 4: There’s a growing skills gap in Cyber Security
New Zealand businesses face shared challenges around people, processes and technology.
Consequently, the skills gap within cybersecurity is real, with few trained cybersecurity engineers available in the NZ market.
A recent Fortinet survey revealed that 80% of organisations suffered one or more breaches that they could attribute to a lack of cybersecurity skills and/or awareness.
Partnering with an organisation like NSP for phishing awareness training and network security can save you from cybersecurity threats like ransomware attacks. See all our cyber security solutions for New Zealand businesses.
HOW NSP CYBER SECURITY WORKS
Cyber Security Trend 5: Corporate Boards are taking Cyber Risk More Seriously
There is a noticeable change in focus on cyber security at the board level, driven primarily by directors’ responsibilities and the potential for compliance backlash from a cyber event.
When overseeing critical infrastructure and merging IT and OT environments, the ramifications of security events can be life and death. Power outages or downtime impacting key machinery or software, for example, should be of grave concern to the board.
Cyber Security Trend 6: More attacks are coming through Connected Devices
As ever, hackers tend to be reactive instead of proactive, going for low-hanging fruit whenever possible, or easily-exploited vulnerabilities in systems where they can be found.
Their tactics tend to change only when their efforts become unprofitable.
Last year, over 268,000 new malware variants were detected. It’s a constant push-and-pull between security professionals and cybercriminals which makes it an ever-evolving ecosystem.
If we look at some of the significant attacks over the last few years, criminals have entered networks through things like connected aquariums and monitoring systems. Getting businesses to understand how this affects them is a challenge.
It’s easy to articulate technical risk and what that means, but often translating that into something business leaders understand and feel aligned with is challenging.
Read: Cyber Security Risks to NZ Businesses & How To Avoid Them
Cyber Security Trend 7: The average time to detect a breach is getting longer
Cyber attacks are getting more sophisticated. The vulnerabilities attackers exploit to enter the organisation aren’t all that sophisticated but what criminals do to hide inside your network is super sophisticated.
The IBM Cost of Data Breach Report (Jul 2021) states that the average time to detect and contain a data breach was 287 days. That’s 212 days to detect a breach, and 75 days to contain it.
This is one week longer than the prior year’s average time to contain a breach.
In contrast, by default, organisations often only retain information regarding threat hunting for 180 days which won’t be enough. But then, on top of that, you’ve got to deal with it, and that can take hours, days, even months if you ever fully remediate at all.
A good analogy around having someone in your network for 212 days is to imagine having a badly-behaved guest, rent-free in your home for 6-7 months.
It’s no different from having someone enter your corporate environment. They may come in the front door or through the back. If you can’t keep them out, you must quickly identify that they entered, and start dealing with it.
Cyber Security Trend 8: Automation and always-on continuous scanning are on the rise
Automation can reduce dwell time by reducing visibility gaps and offering control. However, it’s essential to understand that everyone will get hit since there’s no way you can make yourself not a target.
Putting the appropriate controls, processes and systems in place is critical to minimising the impact. Recent high-profile breach events such as Waikato DHB and the NZSE have raised awareness around potential financial and reputational consequences, clearly demonstrating what could happen to your organisation.
To understand the practical steps, we would create a baseline and score against it to make a step-by-step improvement plan. For example, we might scan your network to identify vulnerabilities.
We would then work with you, methodically closing the gaps. You may have initially scored a 1 out of 10, but with an improvement plan, you can soon achieve 9 out of 10. Then you attend to the next area of concern and so on.
Visibility is vital: without day-to-day visibility of what’s going on in your network, you could be running blind.
For example, performing a penetration test is effective, but remember, it is just a point in time you are critiquing.
We advocate constant visibility through continuous scanning, so you know what is happening
Cyber Security Trend 9: Human networks and partner businesses are important
In the past, attack surface strategies were simpler: Your network was a castle with a moat to control who comes in and who leaves. Whatever is inside is trusted, and whatever is outside is untrusted.
But modern networks have many edges involving a variety of clouds and SaaS platforms. The moat is all but filled in.
Knowing your supply chain is also critical. On average, an organisation can have 50 contracts with other companies. The knock-on effect of one of your partners getting breached is that you will also become vulnerable if they don’t have suitable checks.
Ask your partners about their security postures. Do they perform continuous scanning? To what standards do they adhere?
Doing a risk assessment of your partners and suppliers as part of the contract process is essential.
Who can New Zealand Businesses Ask About Cyber Security Issues?
If this article has raised questions about your business cyber security needs, talk to our in-house experts at NSP: call 0508 010 101 or talk to one of our security experts in a complimentary 1-Hour consultation, where we will discuss,
- Your current security concerns
- The best ways to get the most of your current security investments
- What a security roadmap might look like
- The new privacy law and its impact on NZ business
FREE 1-HOUR SECURITY CONSULTATION
