- Thierry Spanjaard
Always expanding cybersecurity threats
We all know the quote of Richard Clarke, former US National Coordinator for Security, Infrastructure Protection, and Counter-terrorism: “If you spend more on coffee than on IT security, you will be hacked. What’s more, you deserve to be hacked.” Nowadays, many publications about cybersecurity issues are bringing us data to substantiate this saying.
For instance, recently published statistics show that hackers attack every 39 seconds, on average 2,244 times a day (source: University of Maryland) and data breaches exposed 4.1 billion records in the first half of 2019 (source: RiskBased Security).
Detection and reaction remain a central issue, demonstrates a report published by the Ponemon institute and IBM: the average time to identify a breach in 2019 was 206 days, the average cost of a data breach was US$ 3.92 million (EUR 3.5 million) and the average lifecycle of a breach was 314 days, from the breach to containment.
When one explores the sources of cybersecurity issues, it appears that 94% of malware was delivered by email and 71% of breaches were financially motivated while 25% of breaches were motivated by the gain of strategic advantage (espionage) according to Verizon.
Thales, just published its “Thales Data Threat Report” which can be seen as an heir of the “SafeNet data breach index” and the “Gemalto breach level index.” Among the findings of this research, published in collaboration with IDC:
No one is immune: even the most sophisticated companies are getting breached; globally, 60% of respondents say they have been breached at some point in their history, with 30% have been experiencing a breach within the past year alone,
Digitization and organizational changes are at the core of the issue: while companies are rolling out new cloud-based, digitally transformative technologies, they may not have the ability to secure data across all their environments often leading to neglecting the security of both legacy apps and new cloud-based systems,
Leading cyber security threats come from cyber-criminals, cyber-terrorists and hacktivists,
As systems are increasingly open and as financial institutions are increasingly working with third parties, for instance Software-as-a-Service or even Platform-as-a-Service applications, this increases the attack surface for cybercriminals and create new opportunities for attacks.
One can look at the phenomenon from different viewpoints: either we consider data breaches are inevitably growing along with the development of modern technologies and we mourn the insecurity in which we are plunged. Or we see the development of cybersecurity issues as an immense opportunity for our secure transactions industry to develop new solutions and to deliver them to corporations.