Cybercriminals love a crisis. They are opportunists by trade and often strike when we’re most vulnerable. With the business world forced to come to terms with a global pandemic, many companies have never been more exposed. It should come as no surprise to learn that innumerable forms of crime, particularly data breaches, continue to occur with alarming regularity.
In the rush to digitize their operations in order to augment and, in many cases, replace their physical footprint, the size of a business’s attack surface continues to grow exponentially. While digitization is the key to surviving and thriving in uncertain times, it also provides new pathways for criminals to exploit.
While executives are forced to reimagine the future of the businesses they lead, there’s also an unrelenting stream of attacks from cybercriminals with the tools and expertise to overcome all but the most sophisticated defenses.
To underscore the severity of the threats facing businesses, the Verizon Business Data Breach Investigations Report (DBIR) notes that organized crime remains firmly focused on exploiting the pandemic for personal gain. While 30 percent of breaches involved internal actors, external actors perpetrated 70 percent of data breaches, with 55 percent of those involving organized crime groups.
A more recent report, published by Verizon Business in August 2020, focuses on the COVID-19 data breach landscape in particular. The report covers 510 breaches that took place between March and June 2020.
Furthermore, the report finds that cybercriminals have continued to exploit many of the tactics and shortcomings of cybersecurity and data privacy programs highlighted in the DBIR, including increases in human error, the use of stolen or brute-forced credentials, an increase in ransomware, and phishing emails with COVID-19-related terms to trick users into opening them.
The Primary Barrier to Transformation
While there’s a great deal of uncertainty, which creates confusion and increases the chances of a company inadvertently exposing themselves to an attack, digitally mature businesses are well attuned to the risks by now.
According to the Dell Technologies Digital Transformation Index (DT Index), data privacy and security concerns are the number-one barrier to digital transformation for the 4,300 business leaders from 18 countries who participated in the survey. It’s also the area they’re investing in the most, with 82 percent investing this year, of which 60 percent have fully completed their latest investment efforts or are in the mature stages of doing so.
However, depending on its digital maturity, a business might hold differing views on the need for investment.
For example, mature digital businesses recognize that data privacy and cybersecurity deserve proper consideration. Digital leaders and adopters are more likely to cite data privacy and security concerns as a major barrier to transformation, which suggests a level of awareness that other, less digitally mature businesses lack.
Staying in the Fight
While many companies agree that cybersecurity and data privacy form the foundation of an effort to pursue digital transformation, not everyone holds that view.
According to the DT Index, some businesses plan to reduce their investments over the next one to three years, with 43 percent planning to invest in cybersecurity, compared to the 58 percent that identified cybersecurity for future investment back in 2018.
If businesses are to stand a chance in mitigating the effects of crime, cybersecurity needs to be an ongoing effort, as cybercriminals are always evolving their techniques. Cybercrime tends to flourish when companies become complacent or divert investment elsewhere.
For data-first digital businesses to prosper, they must have cyber resilience, which is the ability to anticipate, withstand, and recover from an attack. Without these capabilities, businesses may struggle to digitize their operations without inviting attacks from determined cybercriminals.
Countless businesses have made significant changes to their operations within a relatively short period. While there’s much to celebrate, doing so too soon could have severe and lasting repercussions. In the fight against cybercrime, there’s no finish line. If there’s a potential for financial reward for criminals who attack the corporate sector, they’ll continue to do so.
Most executives are aware of the threats their companies face. This realization must trigger action and a sustained investment in foundational technologies that ensure cybersecurity and data privacy. Having accomplished so much to transform their operations and meet the needs of their employees and customers, now is not the time to pull back on the investment needed to overcome the barriers to digitization.