With the new year underway, it's a great time for business leaders to evaluate their goals and what they need to focus on in order to ensure their organizations succeed in 2019. Cybersecurity is still a huge point of concern for companies of all sizes and across all industries worldwide. The wave of cybercrime that has gained momentum in recent years shows no signs of slowing down.
In fact, the number of records breached is expected to skyrocket during the next 5 years, according to a 2018 report by Juniper Research. The report predicts cybercriminals will steal more than 33 billion records in 2023 alone, a 175 percent increase from an estimated 12 billion records in 2018.
As hackers continue to find new ways to thwart IT security measures and gain access to sensitive information, it's imperative that businesses work proactively to update their cybersecurity strategies to stay one step ahead of malicious actors.
As you consider how to revise and update your security strategy for 2019, here are some of the top concerns you should be sure to keep in mind, according to our IT security experts and other leaders in the cybersecurity space.
- 1. Phishing and spear phishing are still the most common ways data breaches occur. Just about half (49 percent) of non-point-of-sale malware gets installed via malicious emails, according to Verizon's 2018 Data Breach Investigations Report. This trend will likely continue in 2019 and beyond as cybercriminals continue to practice phishing (i.e., sending emails that mimic legitimate messages to bait the recipient into disclosing login credentials or other personal info) and spear phishing (phishing attempts that target a specific person or business). Email filtering solutions and security awareness training are key to reduce your team members' chances of taking the bait.
- 2. Cybercrime as a service makes it easy to join the bad guys. It's easier than ever before for newcomers to get started in the world of cybercrime, according to Kaspersky Labs. A wide range of hacking tools, all kinds of frameworks, and leaked exploits have become accessible via the Dark Web, a sub-layer of the internet where users can remain anonymous. Aspiring hackers can now simply purchase the tools they need to send out ransomware and commit other types of cybercrime.
- 3. There's a growing shortage of cybersecurity expertise. As the cybercrime world expands, with newcomers flooding in and tactics and tools changing rapidly, there's an alarming shortage of IT security experts available to fight back against emerging and evolving threats. The majority (two-thirds) of the cybersecurity professionals surveyed for the 2017 Global Information Security Workforce Study reported that there weren't enough IT security workers at their organizations to tackle the challenges they faced. By 2022, the gap between the actual amount of cybersecurity professionals and the number needed to effectively combat IT security threats is expected to hit 1.8 million, according to the study.
Investing in cybersecurity research, giving IT teams more resources, and planning carefully for the future can help compensate for this IT security talent shortage, according to Malwarebytes Labs. Ensuring that cybersecurity experts and IT staff communicate and collaborate with each other as well as everyone else on staff can also make a significant difference. - 4. Mobile malware continues to be a threat. As the number of people who own mobile devices has grown, cybercriminals have found ways to reach mobile users and access their data. In 2017, for example, Symantec reported a 54 percent increase in new mobile malware variants. In 2019, Kaspersky predicts "continuous activity by advanced attackers aimed at finding ways to access their targets' devices" in the mobile realm.
- 5. The status quo for security is no longer enough and puts your business at risk. The rapidly changing nature of the IT security threat landscape means that basic antivirus, firewall, and spam filtering solutions are no longer enough to effectively safeguard your organization's data.
Next-generation solutions and services are necessary to adequately protect your business from cyberattacks and minimize your data breach risk. A fundamental bundle to help you build a comprehensive security strategy includes the following:
- Security awareness training
- Antivirus with advanced threat protection
- Advanced spam filtering
- Cloud-based web threat intelligence
Additionally, if your organization uses or is planning to implement Microsoft Office 365, there are a few features available for this solution that can increase your IT security level. Turning on the following settings/policies increases email security and boosts the Office 365 platform's security score.
- Office 365 ATP Anti-Phishing Policy is part of Office 365 Advanced Threat Protection and safeguards your organization against phishing attacks.
- Office 365 External Forwarding Block stops cybercriminals from leveraging client-side forwarding to surreptitiously send out information to external recipients. Data exfiltration is an increasingly popular strategy among cyberattackers.
Contact your account manager today to learn more about crafting and maintaining a comprehensive cybersecurity strategy for your organization. Our IT security experts are available to assist you in finding solutions and services that meet your specific business needs and will help you achieve the highest possible level of protection.