The Cybersecurity Squeeze: Mitigating cyber risk during challenging economic times

Written by Niall Mackey, Commercial Director of Topsec

We’re in a Catch-22 when it comes to cybercrime.

It’s a massively growing “industry”. Data breaches and hacking cause enormous economic and reputational damage to any business. But with the pressure of the current economic climate, businesses are having to scale back on an already underinvested cybersecurity infrastructure.

A security breach could cost a company significantly (best case), or destroy it completely. But budgeting for security feels like a grudge-buy. It’s a what-if purchase. A non-tangible resource for a possible eventuality. And in these belt-tightening times, who can spend money on what-ifs? Perhaps we should rather ask, who can afford not to?

But alarmism aside, how much of a problem is cybercrime really?

Well, cybercrime now competes with the world’s biggest economies. It is, in fact, the world’s third largest economy after the US and China, according to the World Economic Forum (WEF). It’s a much bigger money-spinner than the illegal drug trade, counterfeiting, and human trafficking combined. It’s projected to cost the world $8 trillion in 2023 and $10.5 trillion by 2025, according to Cybersecurity Ventures’ data.

So yes, it’s a really big problem.

Data is the new gold.

Almost ten years ago, IBM’s then-chief, Ginni Rometty, said that data is “the world’s new natural resource. It is the new basis of competitive advantage, and it is transforming every profession and industry. If all of this is true – even inevitable – then cybercrime by definition, is the greatest threat to every profession, every industry, every company in the world.”

This remains truer than ever. It’s overtaken the terror of nuclear warfare. It’s the number one thing that people fear most.

And technology advancements are fighting – and enabling – cybercrime.

Technologies such as AI are making it easier and more effective to be a cybercriminal, while also helping to combat cybercrime. There are packages available on the dark web that provide ransomware-as-a-service (RaaS), with warranties, customer service, and all the bells and whistles of a well-run business. This is organised crime at scale, and it’s moved into the domain of politics, as we’ve seen in the Russia-Ukraine conflict. Cybercrime could bring the world to its knees.

And data is growing at compound rates. This is one ‘natural resource’ we’re not depleting. In 2010, we created 2 zettabytes (one zettabyte is equal to a trillion gigabytes). We generated 120 zettabytes in 2023, with a forecast of 181 zettabytes in 2025.

These challenging economic times are also fertile ground for cybercriminals. Unexplained downsizing can turn employees rogue, increasing the risk of insider threats and data breaches. Even in cases where ex-employees no longer have access to systems, they often have access to remaining colleagues, who are susceptible to social engineering. Unfortunately, we humans are vulnerable to manipulation and lies, and can then be led to provide access to private information, systems, or valuables. And even savvy users fall victim to clever scams. (The folk in IT departments tend to be the most successfully targeted, believe it or not.)

Human error is the greatest threat to any organisation, and the most successful point of entry into a company remains email. It is the vehicle responsible for the most cybercrime attacks, as highlighted by a Deloitte report which reveals that 91% of threats arrive via this medium.

So what are the answers?

There is no single, simple solution to staying ahead of cybercriminals. Rather, it requires a proactive multi-pronged approach that includes technology, education, and company culture.

Preventative technology investment

  • Ideally, email threats should be halted proactively before even reaching inboxes. Protection is most effective at the organisation’s entry point, with real-time detection and adaptive response mechanisms.
  • Ensure DMARC and DKIM protocols are correctly configured and that emails are authenticated at their source. These tools are imperative in maintaining integrity in email communications.
  • Email gateway checks are a critical layer of defence. Incoming and outgoing emails are scrutinised for potential threats, including malware, phishing attempts, impersonation attempts, and other malicious activities.

Perhaps the key message here is that it’s essential for technology to enable a proactive and comprehensive strategy, at the source and/or entry point of an email. Sensible investment in technology is a small price to pay for protection against the colossal scale of financial risk posed by a successful attack.

Education and company culture

Awareness is the first line of defence against phishing attacks. Phishing is an ever-evolving menace, making it imperative for each individual to recognise and mitigate the latest tactics used by cybercriminals. Training programmes are one thing – vital, in fact – but it’s also about instilling a culture of awareness in every employee.

Nobody is exempt from cybercrime, and it should be everybody’s responsibility to guard against it.

Legislation around this is also growing, putting pressure on organisations to protect not only themselves, but their employees and customers. We’ve seen massive fines imposed on organisations that have been negligent with their security.

Employees are no longer ring-fenced on a company network as they were in pre-Covid days. The risks of staff working from outside – possibly unsecured – networks have increased massively. Work and personal devices have merged for many users, increasing the risk for organisations.

Economically, there’s little indication that the squeeze is slowing. And we have the added threat of the real and growing endeavours of cybercriminals. The implications are far-reaching, and complex. Traditional approaches are no longer sufficient, and organisations must take a proactive and comprehensive approach to protect against the sophisticated threats that are present on a daily basis.

This is not the time to cut security budgets, but it is important to review how budgets can be optimised and spent on the right tools and strategies.

About the author

Niall Mackey is the Commercial Director of Topsec. His team excels in enhancing email security for firms, safeguarding sensitive data against cyber threats.