As originally published in Legal Management May 2021
The Evolution of Cybersecurity
by Heinan Landa | Optimal Networks, Inc.
Last year we saw cybercriminals seizing a massive business opportunity. Our rapid shift to working from home due to COVID-19, plus heightened financial, political, social and emotional stressors, presented a perfect storm:
- The consumer-grade routers and electronics we use at home are inherently less secure than the centrally managed commercial-grade devices at our offices.
- Many home networks are already compromised. In April 2020, BitSight found that 45% of companies had malware originating from an employee’s home network.
- Social engineering hacks like phishing, vishing and smishing thrive when victims are preoccupied or fearful.
Our organizations became very vulnerable suddenly, and bad actors did not hesitate to cash in. In March alone, scammers ramped up COVID-19-related phishing scams 667%. Overall, the FBI’s Internet Crime Complaint Center (IC3) saw a 400% increase in reported cyberattacks in 2020.
While the events of last year presented a unique scenario for all of us, the swift and aggressive response from bad actors is indicative of a trend that will, unfortunately, persist. Cybercriminals have organized themselves into a successful enterprise that continues to innovate and evolve for maximum profit.
And that profit is sizable. According to a March 2020 study by Atlas VPN, cybercriminals bring in over $1.5 trillion per year in revenue — more than Facebook, Walmart, Apple, Tesla and Microsoft combined.
Why does it matter?
Our only option when it comes to mitigating (not eliminating) the risk of a breach is to match ever-evolving threats with ever-evolving security strategy. Cyber defenses cannot be “set and forget” anymore; while antivirus software, firewalls and active monitoring tools are essential components of that defense, they are no substitute for human vigilance.
Not only that, but our concept of vigilance must recognize the potential for highly sophisticated cyberbreaches that span weeks or even months. Instead of snatching valuable data in discrete intrusions, cybercriminals are siphoning it off via prolonged, methodical interactions with victims. One popular scam works like this: