The State of Cybercrime: How CIOs Can Protect Their Organization from Rising Threats in 2022

November 3, 2021

The cybercrimes in 2020 marked history, and reinforced the importance of cybersecurity for enterprises. Threats like malware, phishing DDoS, among others, spiked as the workforce shifted remote. While cybersecurity has always been one of the biggest concerns for IT teams, what’s more alarming is the evolving sophistication of these crimes.

For example, one of the many crimes that made it to the headline was the SolarWind attack, a major US IT company. The attack went on months before anyone noticed it, and it affected clients of SolarWind that include Fortune 500 and agencies in the US government.

Crimes like these mirror the state of cybersecurity and show that attacks are manifesting in ways never imagined before. It makes identifying and mitigating risks complex.

However, with the right strategies and preventive measures, CIOs and IT leaders can identify and mitigate risks readily.

So in this blog, we’re going to discuss:

  • The state of cybercrime
  • What measures CIOs can take to prevent their organization from rising crimes.

So let’s dive in.

The State of Cybercrime

The overnight turn of fate exposed many vulnerabilities and the weak security posture, sweetening the deal for hackers to exploit networks and data.

In general, the state of cybersecurity isn’t getting any better as seen in a study by CompTIA. In 2020, 80% of the participants felt the state of cybersecurity is improving. However, in 2021, only 69% still felt the same.

The accelerated digital transformation, uncertainty, and the pandemic’s ripple effects have led to pessimistic sentiment.

Furthermore, a report by ISACA and HCL Technologies on The 2021 State of Cybersecurity showed that:

“62% stated that threat actors took advantage of the pandemic to disrupt organizational activity.”

So, how are companies coping with this dynamic cybersecurity environment and constantly evolving demands to adapt and protect?

By increasing the budgets, to begin with. For example, the same report by ISACA and HCL Technologies shows that 41% report an increase in their organization’s cybersecurity budget for the following year.

And 51% of the financial services organizations increased spending on security technology.

Finally, 48% of respondents from pharma, healthcare, and medical organizations reported adopting SASE or zero-trust strategy due to the pandemic.

So without further ado, let’s take a look at some of the ways CIOs can strengthen their organizations’ security parameters and protect them from rising cybercrimes.

How to Protect Your Organization from Rising Cybercrimes?

The state of cybercrime and pandemic has shown us that crimes are at an all-time high. New approaches, strategies, and solutions are needed to cope with these changes and demands. So let’s see some of these ways.

1. Back to Basics: Importance of Strong Passwords

The importance of strong passwords is stressed time and again. Why? Simply because it’s one of the easiest doorways for hackers to infiltrate a system. Most common passwords are based on personal information like anniversaries or birthdays, easily found on the internet. That’s why a 10-character password that’s a mix of symbols, numbers, and names is a smarter choice.

However, remembering such intricate passwords is unrealistic. Whether it’s business or individuals, defaulting to setting an easy-to-remember password that includes some personal information or recognizable pattern is easy. That’s why you should use password managers. It securely stores your unique password, making it easy to manage passwords for different accounts.

Multi-factor authentication (MFA) takes password management to the next level. It requires users to go through 2 walls of security instead of just one, strengthening the security of the account.

For example, while the first layer is the password, the second layer could be fingerprint touch, one-time password, or other such methods.

It’s especially important in a hybrid working environment. MFA is not only useful for employees working from different locations but also for those interested in bringing their own devices. MFA lets your people work from any device securely.

One thing to avoid in MFA is the set-it and forget-it approach. Instead, keep checking in regularly with your employees to ensure it’s working.

2. Automate Data Backup, Your Most Valuable Asset

Ransomware continues to be one of the top cybercrimes. Hackers encrypt the company data and usually demand a handsome fee to give it back to them. Despite giving in to hackers’ demands, it takes days, if not weeks, to retrieve the information. Thus, data backup is of utmost importance.

Next, air gapping your backup is another strategy to prevent hackers from exploiting backed-up files as they’re stored in locations other than the company premise. It could be an off-site location or cloud environment.

One of the things CIOs must do is a periodic check-up of the policies. This ensures backups are being done regularly. If any changes are needed, they could be implemented—moreover, reviewing guidelines for backed-up locations, including cloud backup and off-site backups ensure healthy implementation of backup policies.

Finally, one size does not fit all when it comes to data backups. Test, iterate, and plan what works best for your organization.

3. SSL VPN: Secured Pathway for Network Traffic

Working from various locations like in a hybrid workspace means using public WiFi or unsecured network lines. This could possess threats like man-in-the-middle attacks where malicious third parties can capture sensitive information like credit card numbers, passwords, or even usernames and passwords for accessing bank accounts.

This calls for a robust security solution like SSL VPN. A virtual private network (VPN) keeps your data encrypted. Furthermore, it hides your internet activities and also secures business data.

SSL VPN protects against all such crimes and provides end-to-end data security by encrypting your data as it travels to its final destination. In addition, SSL VPN eliminates the threat of network eavesdropping, tracking, or extracting sensitive information.

Basically, with SSL VPN, your network traffic travels through a secured tunnel to reach secured or confidential resources. This way, your company’s data can remain secure regardless of where your employees work from. SSL VPN is easy to set up, less complex, and requires less technical monitoring.

4. Web Application Firewalls: Barrier for Hackers

Your web applications are one of the most valuable assets for your business. And also one of the most exposed ones. Websites are the primary target for hackers to intrude on an organization’s systems. Some web application attacks are DDoS, cross-site scripting (XSS), zero-day attacks, and SQL injection. Web application firewalls block this traffic by identifying malicious traffic and suspicious activity like ping floods.

Firewalls act as the first line of defense and as a barrier for hackers. It stops the traffic from entering the premises and prevents it from further intruding by blocking it.

5. Create a Risk Management Plan

Identifying and mitigating the potential threat can save your company from a huge setback of financial resources, data assets, and reputation.

To create a risk management plan, assess all your data touchpoints, prioritize your most valuable assets and understand where vulnerabilities are and the best possible strategies to seal the gap. Creating a plan also ensures your company knows the response to any unforeseen incident. Any event that can negatively impact the business operation should be included in the risk management plan and its response plan.

Key Takeaways to Protect your Organization from Cybercrime

Cybercrimes are rising at an alarming rate. With the advent of digital transformation, hybrid working workspaces, and rise in use of IoT devices, hackers continue to evolve and operate more complex hacks. So if you wish to strengthen your company’s security posture, it’s high time to understand how cybersecurity can affect your reputation, the risk it possesses and take adequate measures.

Thus, staying on top of cybersecurity trends and understanding which security technology is best for your organization helps in maintaining a healthy security posture.

Shibu Paul

Mr. Paul has 25 years of experience in the field of Digital transformation – IT, IS and telecom – having worked with Sify Ltd, British Telecom Global services (India) and BT Americas in various roles. He was part of the team that launched the first IP network, first private ISP and first Certifying Authority in India. He joined Array in 2009 as country sales head and progressed to leadership positions including Country Manager and Regional Director-APAC.