Enterprises are at risk now more than ever because it seems they keep falling behind on infrastructure security, while hackers are more vigilant and sophisticated in their schemes. Researchers can’t really put their finger on what it is exactly that causes more damage –insider threats, targeted attacks or plain old outdated software, but one thing is certain: by 2023, more than 146 billion records will be leaked following security breaches, according to Juniper Research.
Even though gloomy estimations say that the number of breaches per year will almost triple in the next five years, companies plan on increasing their yearly cybersecurity budgets by only 9%. This is an alarmingly low investment, considering new legislation demands companies take serious security measures to protect not only the personal data of their customers, but also their proprietary information and infrastructure.
“Over 33 billion records will be stolen by cybercriminals in 2023 alone, an increase of 175% over the 12 billion records expected to be compromised in 2018, resulting in cumulative loss of over 146 billion records for the whole period,” reads the report.
The current global digitization of processes and business operations fosters the growth of the threat environment through sophisticated malware attacks, raising mitigation costs. As the report states, in the past year, hackers have improved their methods, switching from traditional ransomware attacks to cryptojacking attacks because they’re more likely to make money from them.
So far experience has shown that not all companies are willing to pay ransom to retrieve access to their data, while with cryptojacking “the pay-off is more predictable.” Cryptocurrency mining through botnets on enterprise infrastructure is the latest profitable trend among cybercriminals.
Non-malware attacks are also gaining ground. Take for example fileless attacks when hackers exploit in-built Windows applications already installed on endpoints. These are used to carry out attacks without having to actually download malware on a device.
The most exposed to risk will remain small businesses that lack the proper budgets to secure their networks and train employees. Juniper Research found that “spend by small businesses in 2018 will only make up 13% of the overall cybersecurity market in 2018,” with a breach cost forecast to surpass millions in financial damage.
By not making proper investments in cybersecurity, small companies are left vulnerable to new, more aggressive malware families that is beyond traditional endpoint security and can only be fought back with multi-layered security.
“Juniper’s strategic analysis of 48 leading cybersecurity companies shows that AI and predictive analytics are now table stakes for this market”, said research author James Moar. “These technologies need to be made available to all businesses, regardless of size.”