As we consider what’s to come in 2021, we take a look back at some of the top industry publications released in 2020 to get a thorough understanding of the current state of cyber security across the globe.
The Verizon DBIR report published each year is the gold standard in assessing the nature of breaches globally and distilling it down to the main trends. In 2020 they found that:
The European Union Agency for Cyber Security (ENISA), together with the European Commission and EU Member States, published their 8th annual ENISA Threat Landscape report, spotlighting the top cyber threats between January 2019 and April 2020. What did they have to say? Here are the top 15 cyber threats out there now:
Between 2019 and 2020, the biggest change was, of course, the COVID-19 pandemic and the resulting continued upward trend in the advanced adversary capabilities of threat actors, including nation-state sponsored actors, cyber offenders, and cybercriminals. This means increased importance for a secure and reliable cyberspace, security automation, and more investment in preparedness.
After extensive analysis of 524 recent breaches spanning 17 geographic locations and 17 industries, this report shared the sky-high cost of data breaches, which have far-reaching consequences. These data breaches not only lead to serious financial losses, but also affect an organisation’s operations and compliance in the short term and damage its reputation in the long term, leading to lost business and a disadvantage compared to competitors.
The most costly data breaches happened in the healthcare industry. Without question, protecting digital assets and managing threats is essential to combatting attacks and misconfigurations.
ISACA chalks up a lot of cyber security issues to one major issue: the cyber security skills gap that’s been plaguing enterprises for years, with little progress made from year to year, even as cyberattacks increase during our current work-from-home environment. Additionally, they believe that cyberattacks aren’t just continuing to increase; they are going unreported, too.
ISACA’s annual report is a survey of more than 2,000 information security professionals from more than 17 industries. Upon examining the full threat landscape and the key trends and themes in security, they’ve determined that many of the security issues organisations experience boil down to two major themes: understaffing and lack of progress.
Why is this happening? In ISACA’s 2020 State of Cyber Security report, there’s conclusive evidence to show that cyber security teams are short-staffed, resulting in employees who are stretched thin and struggling to keep up with the sheer volume of attacks and vulnerabilities.
Since the cloud computing market is evolving so rapidly, Flexera shared the importance of identifying emerging trends in their State of the Cloud Report. Knowing these trends can help organisations decide which strategies are most useful to implement.
The report looks at spend allocation, adoption statistics, usage, trends, and other strategies and examines the effect COVID-19 is having on organisations in the public, private, and multi-cloud markets, looking at existing and future cloud strategies.
Some important takeaways?
The global average cost of a data breach is $3.86 million USD, with customer personally identifiable information ranking as the most expensive kind of record to restore following a breach.
Noting that remote work was one of the leading causes of data breaches, the Cost of a Data Breach Report also shared that the average time to find and stop a data breach was 280 days in 2020 and that those caused by malicious attacks are by far the most costly of data breaches.
According to the report, the most important thing that organisations can do is have an incident response team and plan in place. In fact, just having an incident response team can help save as much as $2 million USD per breach in the unfortunate event that one does happen. These teams can and should implement security automation solutions like AI, analytics, and orchestration, as well as formulate incident response plans and test them for effectiveness. Organisations without incident response technical capability should either build it or retain an expert provider to supply it under SLA when required.
The most damaging factors for organisations experiencing data breaches are a shortage of security skills and a complicated security framework, while having an AI security platform, incident response testing, and red team testing are the best practices companies can adopt to keep their enterprise protected.
If you have concerns around any of the areas highlighted in the above reports please contact us to arrange a meeting with some of our expert team to discuss further.