Cyber attackers are able to search for that one weak link in corporations defences whereas corporates have to create a completely strong chain of defence against every possible scenario. This asymmetrical fight would you think mean organisations would have to outspend attackers by many multiples.
However, according to software company, Carbon Black, the situation is worse than that because it appears that cyber criminals are outspending corporation! Cyber-crime is big business, and as such, cyber-criminals are spending an estimated $1 trillion each year on finding weaknesses in the cyber defences of organisations and developing new ways of attacking them, in comparison to the $96 billion spent by organisations in an attempt to secure themselves from these cyber-attacks.
Carbon Black conducted research focussed on the UK and the cyber-attacks organisations faced within the last 12 months, the results showed that:
- 92% of UK businesses have been breached, with nearly half of these reporting having fallen victim to multiple breaches within the past year (three to five times);
- 82% of respondents said that they have experienced more attacks this year than last year, with 89% of respondents from the financial services sector; 83% of government organisations and 84% of retailers agreeing;
- 28% reported having at least one malware attack attempted, this being the most common attack; and
- 4% reported having at least one ransomware attack, this being the second most common attack.
It was reported that “cyber-attacks are becoming more frequent and more sophisticated, as nation state actors and crime syndicates continue to leverage file-less attacks, lateral movement, island hopping and counter incident response in an effort to remain undetected.”
The report found that although IT leaders believe Russia and China to be the source of most cyber-attacks, it identified North America as the starting point for more attacks than those beginning in Iran and North Korea combined.
As the disparity between the resources and budgets of organisations to those of the cyber-criminals is compounded by a major talent deficit in protecting against cyber-attacks – perhaps we need to consider ways to entice the talented to defend rather than attack but sadly there is more money in crime at the moment.