Cybercrime Never Sleeps | Opinion

When the Colonial Pipeline fell victim to a ransomware attack, people across the United States were shocked to find that a single episode of cybercrime could lead to widespread delays, gas shortages and soaring prices at the pump. But disruptive ransomware attacks like these are far from rare; in fact, they are becoming more and more frequent. Cybercrime is on the rise, and our cybersecurity infrastructure desperately needs to keep up.

A quick look at the data from the last year confirms that cybercrime is a growing threat. Identity theft doubled in 2020 over 2019. Other major forms of cybercrime saw even bigger increases in frequency throughout the pandemic; according to a recent study by the cybersecurity firm Deep Instinct, malware use in 2020 increased by 358 percent, while ransomware attacks soared by 435 percent.

Yet even amidst this massive spike in cybercrime, businesses aren't doing enough to protect their cybersecurity. A McAfee survey found that 56 percent of organizations don't have a cybersecurity plan in place to prevent or respond to an incident of cybercrime. The consequences of being unprepared, however, could be catastrophic; some experts estimate that the global costs of cybercrime will surpass $10.5 trillion per year by 2025.

Businesses and organizations, both small and large, must make cybersecurity a top priority in 2021 and beyond. Organizational leaders need to know the risks they face and become acquainted with the best cybersecurity solutions available to them. Cybercriminals won't wait for you to protect yourself; either you get ahead of cybercrime now, or you risk disaster later.

A big part of the problem is that too many organizational leaders don't recognize the scale of their exposure to cybercrime. In our digital economy, data is the most valuable asset. Every digital platform, app, network, device and service is fueled by massive amounts of data. And a great deal of that data is extremely sensitive; it only takes one weak password, one set of stolen employee credentials, or one compromised device for cybercriminals to take action.

Cybercriminals and hackers are hungry for your sensitive data, and they'll do just about anything to get it. Your every digital service or device is a possible point of attack. Cybercriminals have a host of tools at their disposal, from malware and ransomware to keyloggers and phishing emails. You can bet that every point of digital exposure in your business's cyber infrastructure will be identified and exploited by these thieves and hackers.

With such an active and multifaceted threat environment for cybercrime, organizations that don't take proactive steps to secure every aspect of their organization will quickly fall behind the curve. Seventy-eight percent of senior IT and IT security leaders say they aren't confident in their organization's cybersecurity protocols, in part because attack surfaces have multiplied so rapidly that many organizations simply aren't keeping up with everything they need to protect.

To avoid becoming just another cybercrime statistic, organizational leaders should get realistic about their digital exposure. For the digital business of today, it's no longer a question of if you'll be hacked, but only a question of when. Businesses can't rely on a reactive approach to cybercrime; they need to start implementing the cybersecurity changes that can provide proactive, continuous and holistic protection from the most common and most likely forms of cybercrime.

For most organizations, that means addressing their number one cybersecurity vulnerability: their employees.

The most common cybercrimes involve a tactic called "social engineering." Cybercriminals often don't have to hack your digital systems directly; instead, they will manipulate, exploit and trick your employees into giving them the information they need.

Social engineering regularly takes the form of spear phishing attacks, where a cybercriminal will pretend to be a company supervisor, administrator, or other authority figure and try to get employees to relinquish sensitive login credentials or click on email links containing malicious software like malware or ransomware.

Cisco estimates that spear phishing attacks account for 95 percent of cybersecurity breaches to enterprise networks and systems. The fact is that social engineering and phishing attacks work far more often than you might think. Forty-three percent of employees say they have made a mistake at work that likely compromised their employer's cybersecurity. Several major incidents of cybercrime were the result of simple human error; Equifax and Capital One both had their networks hacked because of employee mistakes.

For all of these reasons, the number one thing organizations can do to improve their cybersecurity is to educate and empower their employees to better identify cyber threats, while also taking steps to ensure that their employees are adequately protected. Employee training and clear cybersecurity guidelines can be a good start. But building strategic partnerships with reputable cybersecurity firms, providing enhanced cybersecurity benefits to employees and securing some of the systems most commonly used by employees can help make sure your organization is safe.

Cybercrime isn't going away anytime soon, and no one can afford to skimp on their cybersecurity protections. While the cybercrime threat landscape is complex, providing the best cybersecurity training and protections for your employees is the best place to begin.

Tom Kelly is president and CEO of IDX, a Portland, Oregon-based provider of data breach and consumer privacy services such as IDX Privacy. He is a Silicon Valley serial entrepreneur and an expert in cybersecurity technologies.

The views expressed in this article are the writer's own.