As 2018 draws to a close, cybersecurity breaches continued unabated to make headlines and causing widespread damages to enterprises. The truth is that the nature of the threat from cyber-criminals is changing, becoming increasingly invisible, menacing and the attack surface broadening by the day, making it difficult to identify and protect from potential threats. From some recent attacks, we saw medium to large scale disruption to enterprise’s infrastructure, integrity compromise and loss of trust of its data. Cryptocurrency mining malware was one of the most prominent in exploiting human weaknesses. The modus operandi was to establish relationships with the target and then eventually execute the malware. It led to customer loss, legal actions and shareholder revolt. There are still gaps and attack vectors continue to elude traditional defenses.
Do we still think cybersecurity is the sole responsibility of the Security team in an organization and it is their responsibility to assure that a released product has addressed all the security issues? Do we think it is secure to release the product into the competitive market at first and then to think about its security part?
In order to survive in today's competitive world, IT companies have to come up with new and innovative products at a very faster pace. Adoption of DevOps has helped most organizations to compete more effectively in the market and to better serve their customers. But, for being a best-in-class technology company and to earn customer trust, is this enough?
Will 2019 be better or worse than 2018? Traditional business structures will continue to get disrupted over the next two to five years. The digital age has created unprecedented opportunities to do business and deliver services using new technologies. Organizations are rapidly embracing social media, mobility and cloud computing technology and transforming their ICT operations. The fast advancement in above technologies is being driven by the economics of value and advantage created by this competitive change. While this opens up exciting new opportunities, improves efficiency, it also exposes businesses to larger attack surface and associated multiplicative risks of cyber-attacks of adopting such emerging technologies, increased network bandwidth, and interconnected devices.
2017 saw an unprecedented rise in the list of cyber breaches and attacks. The data breach at Equifax resulted in hackers accessing Social Security numbers, driver’s licenses details of million Americans. The recent in the list of incidents is social media giant, Facebook, whose shares plunged by over $60 b$ in first two days, on account of misuse of personal data of 50 million Facebookers by British data analytics firm 'Cambridge Analytica’. In 2017, we saw an alarming level rise in Ransomware attacks and ransom payments hitting over $2 b$. WannaCry, NotPetya, Bad Rabbit Ransomware hit more than 500,000 machines globally necessitating some businesses to even suspend operations, or paying ransomware cases with cryptocurrencies being unavoidable in situations. The WannaCry infections were so bad that Microsoft had to release a patch overnight for Windows systems that it had long stopped supporting.