TRENDS

Cybercrime: a relentless growth

In recent years, the digitalisation of the economy has opened new growth drivers for business, with systems and processes that are increasingly faster, smarter and more connected. Meanwhile, the emergence of new fields, e.g., the Internet of Things, and the transformation of traditional industries have exposed companies to new risks.

Are you fully prepared for this new revolution?

Whatever your goal (enhancing your customer experience, optimising your supply chain with automated services, or efficiently managing your facilities with advanced sensors), whatever your field of activity, and whatever your position in the value chain, your dependency on IT systems and networks is increasingly significant. Any component or endpoint device is a potential entry point into your information system for a cyber-attack with detrimental consequences for your business.

Access to strategic information, personal data, ransom, revenge: regardless of the reasons behind cyber-attacks, cybercrime is breaking records. The figures of recent years confirm this. According to a cyber ventures study, the damage caused by cybercrime will increase from $3 trillion in 2015 to $6 trillion globally by 2021.

STAKES

Cybersecurity: a complex issue for businesses

The problem of cybersecurity is a complex one. Each company, with its services and products, has its own peculiarities and requirements, forcing solutions to be tailor-made for each individual case. Because of this, current security solutions are expensive in both time and money, are highly complex, and require a dedicated expert team to set up and manage. Large organisations have specifically allocated budgets to pay the price of protecting themselves, as a potential breach could have severe economic and reputational impacts. SMEs, on the other hand, have limited budgets and are generally reluctant to invest in cybersecurity.

FACTS

SMEs: the new target for hackers

Reality shows that security is not a key driver on SME agendas, which focus on generating new services and products with two main objectives: time to market and cost minimisation. Even though cybersecurity is a common issue for citizens, governments and companies of any size, the level of awareness does not match the existing threats. In 2011, large companies accounted for half of the documented cyberattacks, but this ratio has changed in recent years: SMEs registered 53% of total cyberattacks, as reported in the Symantec Internet security report 2016.

SMEs are increasingly targeted by hackers because of structural and behavioural features.

The phenomenon is such that a Zurich Insurance report in November 2016 underlined that “a decreasing percentage of SMEs feel safe when thinking about cybercrime, with theft of customer data being the most concerning effect.” Reputational damage and business disruption are also common fears among European SMEs. Security is a subjective notion, but the figures also confirm the trend.

THREATS

New threats: cybersecurity risks ranking

Information technology systems face critical and frequent threats, and knowledge is a powerful tool to minimize risks. Here is a quick overview of the main risks for your company:

Distributed Denial of Service (DDoS)

An attacker controls many computers that overload a server. Impact: the server is slow or shuts down completely.

Using Known Vulnerable Components

An attacker scans a system for well-known vulnerabilities of legacy components. Impact: arbitrary code may be executed.

Broken Access Control

An attacker obtains passwords or sessions. Impact: access to only one or a few accounts may compromise a system.

Security Misconfiguration

An attacker accesses default accounts, unused pages, or unprotected files. Impact: unauthorized access to data or functionality.

Injection

An attacker sends hostile data to an interpreter (SQL, LDAP, etc.). Impact: data loss, corruption, or disclosure.

Cross Site Scripting (XSS)

An attacker gets another user to execute malicious code, e.g. with a phishing mail. Impact: stolen credentials, sessions, or delivered malware.

Sensitive Data Exposure

An attacker steals keys or data, e.g. because the data or keys were not sufficiently encrypted. Impact: compromised data.

Garbage Data

An attacker enters or sends irrelevant or objectionable content ("Spam"). Impact: burden for filtering the relevant data.

Internal Threats (Malicious Insiders)

Privileged users, third parties, and terminated employees may inadvertently or maliciously use data for personal gain, revenge, or competition.

Insecure Direct Object References

An attacker alters a parameter value to gain direct access to a system object or resource. Impact: compromised data.