March 10, 2022 – The risk of cybercrime to organizations of all sizes is escalating, with significant costs, and can no longer be ignored by business leaders. The Russian invasion of Ukraine, experts predict, will soon reach far beyond that country’s borders, and affect us far more than at the gas pump. The Department of Homeland Security is warning citizens and businesses across the U.S. to be on high alert for cyberattacks from Russia. Cybersecurity Ventures, a leading researcher and online resource for the global cyber economy, projects global cybercrime costs to increase by 15 percent per year, reaching $10.5 trillion annually by 2025. And according to global cybersecurity leader Trend Micro Inc., in its Cyber Risk Index Report – an annual survey of 2,800 IT managers and practitioners from the U.S., Europe, and Asia-Pacific – 26 percent of global corporations fell victim to seven or more cyberattacks in the past year, and over 80 percent of these expect such attacks to be “somewhat” or “very likely” to succeed.
Since the onset of COVID-19, the demand for enhanced cybersecurity – and cyber talent – across industries has increased exponentially, with specific needs to address the new realities of a world in pandemic mode. According to a new report by executive search network IMSA Search Global Partners, “As companies shut down and employees worked from home in unprecedented numbers, chief information security officers (CISOs) had to create secure connections for this extensive new remote workforce.” The surge in online commerce during the pandemic also required significant systems upgrades. “CISOs had to reallocate budgets to cover COVID-related costs, putting planned security improvements on hold and possibly exacerbating already identified risks and existing threats,” said the report.
Increasingly, organizations of all sizes are awakening to the perils posed by cyberattacks. In the latest deal facilitated by Hunt Scanlon Ventures, Diversified Search Group has acquired Alta Associates, a search firm specializing in cybersecurity, IT risk management, and data privacy and Executive Women’s Forum, a professional membership organization for women in cybersecurity, risk management, and privacy. Let’s go inside the latest deal.
“Cybersecurity is the biggest threat facing companies today,” said Scott A. Scanlon, CEO of Hunt Scanlon Ventures. “But the biggest risk these organizations are now confronting is finding enough talent to put on their front lines of defense. This transaction will help them close that talent gap.”
“Prior to 2021, cybersecurity was increasingly a pressing topic in most board rooms,” said Steve Martano, a partner in the cyber practice at Artico Search, a leader in the cybersecurity talent space. “The advanced attacks and costly public breaches and ransomware events over the last 12 to 18 months have increased the frequency and depth of those discussions. COVID-19 and the work-from-home trend have accelerated the visibility of the CISO and the security apparatus, as endpoint security and vulnerability management became front and center due to the prevalence of remote work,” he noted.
That has made competition for top chief information security officers fierce as companies seek to protect themselves from potentially crippling cyberattacks. Newly released compensation data from IANS Research and Artico Search shows a wide pay gap, from small companies with nascent cyber programs to multinationals with well-established cybersecurity teams. Notably, female CISOs are out-earning their male counterparts.
Identifying Vulnerabilities, Understanding Consequences
The first step in defending against cybercrime is understanding risks and identifying where your systems are susceptible. Trend Micro’s Cyber Risk Index says that the top cyber threats include:
- Ransomware (malware that encrypts files and blocks access unless a ransom is paid).
- Social engineering/phishing (techniques to trick people into providing personal data).
- Clickjacking (concealed hyperlinks that trick people into unintended actions, revealing personal data and allowing control of their computer).
- Fileless attacks (attacks that use tools already built into software and leave no code, file, or traceable footprint).
- Botnets (networks of computers infected by malware and controlled by a hacker without their owners' knowledge).
- Man-in-the-middle attacks (an attacker intercepts communications between users and can “eavesdrop” on or alter them).
IMSA notes that certain situations present particular vulnerabilities. In automated buildings, every system and device is unique yet connected, each with its own cyber risks, and connected devices are easy to infiltrate. Healthcare facilities are high-value targets, with hackers launching constant attacks; medical records are “best sellers,” fetching up to $1,000 per record on the dark web, according to Forbes.
When developing a cyber defense plan, IMSA says that organizations should also consider potential problems, which could include:
- Loss of confidential employee and customer data.
- Access to intellectual property and financial information.
- Customer churn/loss of existing customers.
- Interruption of operations.
- Damage to critical infrastructure.
- Stolen or damaged equipment.
Ransomware Makes for Expensive Holidays
Ransomware, the most common form of cybercrime, is expensive. It encrypts files, locks out users, potentially corrupts data, and can cost companies millions in ransom payouts. Attacks have tripled since 2013, according to The Economist.
The Hunt for Cyber Technology Leaders Heats Up as Risks Multiply
With technology has come the insatiable – and merciless – need for talent. Having the right leaders and teams in place is now more critical than ever. Cyber technology leaders appear in various forms: chief information security officer (CISO), chief information risk officer, chief security officer (CSO), VP information security, chief trust officer, chief information officer (CIO), chief technology officer (CTO) and many others.
These executives are vital, front line leaders facing down increasingly numerous and sophisticated threats. Their job is to secure both the enterprise and its external products and solutions. They report to boards of directors and management committees on a regular basis, are considered strategic assets to be leveraged, and increasingly give organizations their competitive advantage. The cost of hiring one is rising – and that is good news to the scores of executive recruiters who hunt them down for clients around the globe.
Companies should be particularly vigilant during holidays, when IT staff is reduced, systems are more vulnerable, and protective responses delayed, according to Fortune. IMSA points to the Kaseya hack that occurred last July, affecting nearly 1,500 businesses, and last year’s SolarWinds hack that occurred just before Christmas, attacking private companies, think tanks, and branches of the U.S. military.
Employee Training and Cybersecurity Policy
An essential component of a good cybersecurity plan is an up-to-date, readily available cybersecurity policy. “All employees, from entry level to the C-suite, should understand the policy and be trained to recognize and avoid security risks,” said Mitch Berger, managing partner of IMSA Search Global Partners USA and an IMSA board member.
“Many of our clients in the C-suite and HR departments have told us that cybersecurity is now a prominent part of employee onboarding, with hands-on training about online information sharing, passwords and security questions, two-factor authentication for account access, and what to look for in emails and other communications which would signal a cyber threat,” he said.
Prevention is the Best Policy
The effects of any cyberattack can be catastrophic, resulting in business disruption, harm to company or brand image, customer loss, data theft, and in some rare cases, loss of life, according to the IMSA report. The costs can be catastrophic as well. Experts recommend companies get ahead of the problem, addressing vulnerabilities before cyberattacks occur, by implementing the following preventive measures:
- Identify and assess risk areas across applications, devices, and people.
- Implement the ability to automate responses to abnormal activity.
- Adapt systems to remotely resolve issues.
- Create policies and action plans for quick and effective response in the face of an attack.
- Empower CISOs with appropriate budgetary and human resources to provide proper planning, training, and continual monitoring and upgrading of systems.
Contributed by Scott A. Scanlon, Editor-in-Chief; Dale M. Zupsansky, Managing Editor; and Stephen Sawicki, Managing Editor – Hunt Scanlon Media