Modern cyber threats are growing in scope, cost and complexity. Hackers are continuously evolving their tactics to execute breaches, hold businesses at ransom and steal intellectual property. Globally, cybercrime is estimated to cost $10.5 trillion annually by 2025. To put things in perspective, the combined revenue of the world’s largest tech companies, Apple, Amazon, Alphabet and Facebook, is close to $800 billion. What is fueling cybercrime? Let’s understand the top five trends in 2021:
1. Organized Crime Goes Digital
Research has revealed that, post-Covid-19, organized crime syndicates that traditionally relied on a brick-and-mortar business model are now increasingly turning to cybercrime. This is because cybercrime can be easily executed from anywhere in the world and is more lucrative than drug trafficking. The emergence of cryptocurrencies and their untraceability is fueling further growth. The emergence of a cybercrime-as-a-service model is commoditizing cybercrime by helping non-technical, crime-bent individuals execute cyberattacks.
2. Rapidly Expanding Threat Surface
With the rise of remote working, IT departments are increasingly shifting their workloads to the cloud. Corporate devices, applications and intellectual property that were once traditionally behind the corporate perimeter are now accessible from the internet. Indiscriminate use of shadow IT for remote working is also increasing data breach risk. Inadequate security measures in the supply chain are making the entire supply chain vulnerable. Finally, the introduction of smart and IoT devices (lights, air conditioning, security cameras, alarm systems, etc.) is dramatically altering the cyber risk landscape.
3. Widening Skills Gap And High CISO Turnover
Per a recent report by (ISC)², there are currently 4 million unfilled cybersecurity positions. Businesses are finding it difficult to hire experienced workers well versed in security skills. Cybersecurity leaders are even harder to find, given that they are in high demand and difficult to retain. Estimates indicate that only 38% of Fortune 500 organizations have a CISO. The absence of credible security leadership can make businesses vulnerable to cyberattacks and breaches.
4. Limited Resources For SMBs To Fight Cybercrime
Even though more than 40% of cyberattacks are aimed at SMBs, studies reveal that many SMBs still hold a misconception that cybercriminals often target larger businesses. What they don’t realize is that many small companies are connected to larger companies, and this is why they are targeted. SMBs are usually constrained by budgets and lack sophisticated cybersecurity infrastructure and insurance. Their employees may also lack security awareness, likely making them more susceptible to social engineering scams and phishing attacks.
5. Shrinking Cybersecurity Budgets And Reassigned Priorities
For most organizations, business continuity takes precedence over cybersecurity; many businesses are still following a “lights on” approach instead of evolving their security around the changing threat landscape. Research suggests that 70% of CISOs believe their budgets will shrink this year given how many are still coping with business continuity amidst hiring freezes and staffing cuts. Attackers are aware of this crisis and are quick to take advantage.
When In Doubt, Consult It Out
To overcome the growing menace of cybersecurity, businesses need a cybersecurity leader who understands the evolving nature of cyber risks and gets ahead of security threats in real time. Hiring such a leader shouldn’t break the bank. With the workplace going remote, a virtual chief information security officer (vCISO), virtual data protection officer (vDPO) or virtual chief privacy officer (vCPO) can be an extremely pragmatic and compelling value proposition. Let’s understand how outsourced cybersecurity leadership can address some of the challenges outlined above.
vCISOs, vCPOs and vDPOs are qualified cybersecurity practitioners carrying years of experience advising SMBs and mid to large companies. They are able to steer the company amidst numerous security risks and understand the language that speaks to the board. They are great for organizations that can’t devote the time needed to cementing the role.
Virtual expertise can be recruited within days, in contrast to hiring full-time leadership, which requires a lot of searching and interviewing. When organizations are dealing with attrition or a security incident, a vCISO can immediately step in and fill the void in leadership. This is true even for SMBs, where you cannot place full responsibility for strategic cybersecurity decisions on an IT engineer.
Flexible And Cost-Effective
Virtual leadership can be hired on a retainer. They do not come with the overhead associated with a full-time employee and they do not require an investment of time and money in training. They can free up time for executives in the long run.
Independent And Impartial
In the case of pressing cybersecurity or complicated data and privacy regulations, sometimes it’s wise for the business to seek an outsider’s view that is independent and free from any conflict of interest. The vCISO can be entrusted to conduct an independent review of the company’s cyber-risk posture, foster a culture of cybersecurity and keep the business on top of the latest developments in governance, risk and compliance (GRC).
2021 is a year of doing more with less, and this is why hiring virtual leadership is the most pragmatic path to security. With businesses facing more technological adversity than ever before, there has never been a better time to consider adding a vCISO, vDPO or vCPO to your team.
Headhunting a freelance executive might be a good place to start; however, working with your local cybersecurity services provider will probably be your best bet. Hiring out vCISO services from a provider offers scalability not found when onboarding a standalone executive. A provider offers greater access to a pool of talent and high availability, since you need 24/7 availability in case of security breaches. This process also offers better governance (overseeing threats and alerts can be a daunting task) and greater reliability, since workloads shared among teams mean less burnout.