A spate of reports confirms what most cybersecurity professionals already suspect. The number of cyberattacks made since the start of the COVID-19 pandemic has increased exponentially.
The global volume of cyber intrusion activity globally jumped 125% in the first half of 2021 compared with the same period last year, according to a Cyber Investigations, Forensics & Response (CIFR) mid-year update from Accenture. That massive increase was driven primarily by web shell activity that employs small pieces of malicious code to gain remote access and control of IT environments as part of a ransomware attack or software supply chain intrusion, the report notes.
The report also finds three countries accounted for more than 70% of incident volume with organizations in the U.S. targeted most at 36%, followed by the United Kingdom (24%) and Australia (11%).
A separate report from Egress, a provider of platforms that employs machine learning algorithms to detect anomalous behavior, finds nearly three-quarters (73%) of organizations have suffered a data breach as the result of a phishing attack in the last year.
Based on a survey of 500 IT leaders and 3,000 employees in the U.S. and UK conducted by Arlington Research, over half of respondents (53%) said remote work increased phishing incidents. Nearly a quarter of respondents (23%) said employees who were hacked via a phishing email were fired or left voluntarily.
Similarly, a survey of 228 IT professionals conducted by SolarWinds, a provider of an IT management platform, finds 58% of respondents cited the accelerated shift to remote working as the number-one aspect within current IT environments considered to increase an organization’s risk exposure, followed closely by unknown human factors such as employee security burnout (56%).
Nearly three-quarters of respondents (73%), nevertheless said they either “agree” or “strongly agree” that their IT organization is prepared to manage, mitigate, and resolve risk factor-related issues thanks to the policies and/or procedures they already have in place. A total of 61% said they are confident or extremely confident their IT organization will continue to invest in risk management/mitigation technologies over the next three years.
The degree to which that confidence might be misplaced is debatable. The more attacks that are launched the more likely it becomes there will be a breach. The one thing that is certain is that as the cost of data breaches continues to rise the forbearance of business executives continues to run thinner. The challenge is getting business executives to understand there is no way to maintain and achieve perfect security. Cybersecurity is a continuous arms race between the forces of good and evil with the latter being to avail themselves to fund more resources as the amount of ill-gotten booty attained steadily increases month after month.
There will, of course, continue to be advances in cybersecurity that will at the very least reduce the damage a breach might inflict. It’s just those advances come at a cost that needs to be borne. The simple fact is like it or not cybersecurity is now simply a cost of doing business much like any other.
Mike Vizard has covered IT for more than 25 years and has edited or contributed to a number of tech publications including InfoWorld, eWeek, CRN, Baseline, ComputerWorld, TMCNet, and Digital Review. He currently blogs for IT Business Edge and contributes to CIOinsight, The Channel Insider, Programmableweb, and Slashdot. Mike also blogs about emerging cloud technology for SmarterMSP.