The cyber world is changing, and the internet is changing with it. The internet is continuously creating huge interconnections, resulting in massive business prospects. The increasing volume of data exchanged, personal and corporate, is creating a pool of targets for cyber criminals and state-sponsored espionage. The higher the connectivity, the greater the risk from attack vectors. Cyber threats have the potential to create panic by causing massive business disruption. They often disrupt supply chains, inflict tangible damage to property, cause reputational loss, and lead to severe physical damage.
Exposure to bigger cyber threats is leaving industry, government, and individuals unsure of how to predict future threats and prepare to combat them before any major disruption occurs. This rising complexity is widening the gap between scenario planning and cyber risk assessment. By combining individual and organizational measures within a risk management framework, organizations can reduce the expanding cyber threat.
Cyber Industry in Context |
|
Future of Cyber: Number of Connected Devices on the Internet | Devices connected to the internet from 2015 – 2025 (in billions) [1] |
Number of Connected Devices to Every Individual | By 2020, every individual will be connected to 6.58 devices approximately. [2] |
Increase in number of devices = Increase in cyber threat risk; rise in malicious attacks, system failures and human errors |
|
Types of Breaches |
|
5 Security Facts You Should Be Concerned About [3] |
|
Cost of Cyberattacks |
|
Cost of a breach | The average cost of a breach in 2020 will exceed $150 million. Juniper Research suggested cybercrime will cost businesses over $2 trillion in total in 2019. [4] |
Cybersecurity global expenditure | $6 trillion is expected to be spent globally on cybersecurity [4] |
Microsoft’s cost analysis | The potential cost of cybercrime to the global community is $500 billion.
A data breach will cost a company $3.8 billion on average. [5] |
Ransomware attack cost | An average ransomware attack costs a company $5 million.
Organizations on average take 191 days to identify data breaches. [6] |
Estimated Sector-wise Cyberattack Cost [7] |
|
Calculating real cost of a cyberattack = reputational damage + online revenue loss + service level agreement fees + legal damage + compliance costs + handling bad traffic |
Approaches to cyber attacks |
|
Cybersecurity insurance policy |
|
Stakeholder interests | IT – focuses on technical flaws in the business
Risk managers – assign appropriate risk owners and build enterprise strategies
C-Suite executives – though it is a strategic issue, struggle to reduce the impact on the balance sheet |
Incident Response Plan |
|
Now that we have seen what the current state of cybersecurity is across the world – rising cyberthreats, types of breaches, cost of cyberattacks, and the various approaches towards the rising cyberattacks – it is important to understand and know what the best practices and methods are to combat and respond to cyberattacks to reduce the risk of loss as well as to prepare for similar future attacks.
Cyberattacks: Are You Prepared?
Ed McAndrew, Assistant United States Attorney and Cybercrime Coordinator with the U.S. Attorney’s Office in the District of Delaware, and Anthony Di Bello, Director of Security at Guidance Software, have compiled best practices for preparing for and responding to a cyberattack while working with law enforcement. [9]
Best Practices to Prepare for and Respond to a Cyberattack |
|
Identify key assets | Identify the key assets that you want to concentrate on when an incident happens. Follow the guidance on risk management policies given in the Cybersecurity Framework produced by the National Institute of Standards and Technology (NIST). |
Have an incident response plan | Create an actionable plan and procedure for dealing with a cyber intrusion. A well-structured IR plan will minimize the impact of a cyberattack. |
Initial assessment of the threat | Determine whether the incident is a technical glitch or a malicious act. Assessing the nature and scope of the attack helps in working on remedial measures. |
Engage with law enforcement | Establish a trusted, pre-existing relationship with federal law enforcement officials that cultivates information sharing for the benefit of the organization. |
Post-attack plan of action | Lay down a complete, realistic action plan defining the accessibility and approach towards the incident. |
Preserve forensic findings | Forensic findings determine the type and extent of the attack and also help in improving security standards. Safeguard them from unidentified malicious insiders. |
Minimize additional damage | To reduce the spread of the attack, implement preventive measures such as filtering or blocking a DoS attack, rerouting network traffic, or isolating part of the compromised network. |
Maintain record | Take immediate steps to record incident-related communications, affected data and networks, information relating to the damage inflicted, summary of accounts, etc. for future reference. |
Notify law enforcement | Companies are under the wrong notion that a criminal investigation by law enforcement will disrupt their business. The FBI and U.S. Secret Service cause little disruption and coordinate with the news media concerning the incident.
Law enforcement conducts further investigations to uncover additional victims. |
Stay informed about threats | Awareness of the latest threats and commonly exploited vulnerabilities will help in keeping security measures up to date. |
The best way to overcome these threats is to fill the skill gap in the cybersecurity industry; there are ample opportunities for everyone who aspires to become a cybersecurity leader. A master's degree in cybersecurity from a recognized university will brighten your career prospects and help you gain specialized knowledge in the subject of your preference.
EC-Council University offers both a Bachelor of Science in Cybersecurity and a Master of Science in Cybersecurity, which are completely online. The Master's program provides the option to specialize in one of the five specializations offered.
Sources:
- https://www.statista.com/statistics/471264/iot-number-of-connected-devices-worldwide/
- https://www.statista.com/statistics/678739/forecast-on-connected-devices-per-person/
- https://www.forbes.com/sites/tonybradley/2018/01/27/top-5-concerns-to-focus-on-for-data-privacy-day/#4900b95a4f3c
- https://www.cybintsolutions.com/cyber-security-facts-stats/
- https://thebestvpn.com/cyber-security-statistics-2018/
- https://www.csoonline.com/article/3153707/top-cybersecurity-facts-figures-and-statistics.html
- https://blog.radware.com/security/2017/11/understanding-cost-of-cyber-attacks-on-business/
- https://www.securitymagazine.com/articles/89799-percent-of-organizations-have-an-active-cyber-insurance-policy
- https://techbeacon.com/security/30-cybersecurity-stats-matter-most
- https://www.networkworld.com/article/2945394/how-to-prepare-for-and-respond-to-a-cyber-attack.html