One bad email link. A single unguarded endpoint. A company computing device left unattended. These are all seemingly innocuous things that can quickly lead to a company falling into the hands of sophisticated and relentless cybercriminals.
The presence of malware in the business world is undeniable, and the staggering damages wrought by breaches are only on the rise. Yet many companies would sooner ignore the potent threat posed by cybercriminals than make an investment in endpoint threat detection and response software. But for businesses that don’t protect themselves, the prospect of attack is growing ever more probable as hackers operate with enormous power.
Hackers are like a disease that can never be eradicated. But just as people get inoculated against the flu, companies can take a proactive step toward self-preservation by implementing endpoint security and control mechanisms. A look at the malware climate of today reveals that the time to do that is right now.
Cybercrime operates with the power of nation-states, report finds
According to ZDNet, the influence wielded by certain hacking collectives is tantamount to that of certain nation-states, a revelation that suggests the indisputable ascent in power that such criminals are enjoying these days.
“These groups have repeatedly shown they can overcome almost any cyberdefence. Financial crime in cyberspace now occurs at industrial scale,” according to a McAfee report cited by ZDNet.
As far as industries go, cybercrime is a uniformly profitable one, reaping more than $400 billion annually, and netting not only monetary but also reputational gains for the criminals who carry out attacks. Where attackers were once disparate they are now unified, boasting about the incursions they’ve carried out and swapping trade secrets in the darkest recesses of the Internet. But it’s not only tips that are being exchanged in cybercrime forums; the codes for malware attacks are also disseminated in these places, for a price.
“Someone who wants to infect computers with a particular type of malware would go to one of the organised crime groups and ask them – crime as a service – can you infect 20,000 computers and for that we’ll pay you so much,” said Paul Gillen, a researcher for McAfee. “They do that and they get a pay-per-infection rate. It is quite a sophisticated business model.”
With proliferation of cybercrime, it’s no surprise that breached records are high
Companies that don’t deploy robust endpoint threat detection and response measures can count on having to shell out big bucks in recovery costs, if recovery is even possible.
According to an RBS study cited in CSO, the first quarter of 2014 saw the compromising of 176 million business records from a pool of 669 reported incidents. While the number of incidents sits around the same this year as last, the number of compromised individual records in 2014 represents a 46 percent increase from the previous year. What this proves is that not only are cyberattacks common, but their virulence is actively increasing, leading businesses to experience greater losses in a single attack.
As Inga Goddijn, Managing Director of Insurance Services for RBS, pointed out, “It’s difficult to say whether security is deteriorating, bad actors are getting better or some combination of both.”
But she added that one thing is clear: The scale of attacks can be nothing short of monstrous.
“What we do know is that there have been eight events in the past six months that have involved the compromise of at least 10 million records per event and the trend is continuing with the most recent revelations at eBay,” she said.
What businesses can do
Companies cannot be lax when it comes to security, or they risk compromising the entire enterprise infrastructure. By following these guidelines, businesses can protect themselves against an attack:
- Implement strong endpoint protection software.
- Be transparent about the company’s protective systems with all employees, not just the ones in IT. After all, if a person at the front desk doesn’t know how a malicious incursion can burst into the company system, he or she could easily open a malware-laden email.
- Make security protection a priority at boardroom meetings. The moment the issue of endpoint protection falls off the company agenda, it will no longer be enforced with the stringency it requires. Therefore, make sure it is always addressed.