Your Cyber Crime Tide Forecast

By: Dr. Gary Anderberg

June 29, 2023 — Our first posting as a VP of Data Processing goes back to 1977, so we have seen most of the major stages of IT development — including cyber crime, hacking, ransomware, and all the ways IT can be compromised for illicit gain. Cyber crime rises and falls, much like the tides. Enterprising hackers try new attacks, and IT managers respond with new defenses — back and forth.

A new report from Beazley, Defense in Depth: Cyber Security (Defence in Depth Cyber Security | beazley), from their series of Cyber Services Snapshots, brings us up to date on the present state of cyber crime. The news is not good. The tide of cyber crime is rising again:

"Cybercriminals are getting quicker at identifying security weaknesses and using them to gain entry into networks," Christian Taube, Beazley's international head of cyber services, said in a statement. "This means that organizations must work even harder to stay on top of these exposures — and to ensure that even if someone gains entry into their systems, multiple layers of defense are in place to prevent the worst outcome."

Hackers are especially targeting managed service providers now since gaining entry to one such provider can open up any number of client systems. One recent breach, the GoAnywhere exploit, used an oversight by one person at a service provider to compromise multiple client systems. Obviously, any good risk program will include the usual precautions — endpoint detection and response, rapid installation of security patches, limiting users' permissions and access, network segmentation with strict filtering rules, and having a documented and tested disaster recovery plan, among others — but the folks at Beazley suggest additional protection: the delete function.

Is all the data you collect — and now have to protect — really necessary? Further, what needs to be readily available instead of stored in air-gapped back file facilities? Back in the day, "shelf space" for data was both scarce and expensive*, so we always asked, "Is this [date, name, serial number, etc.] really needed to make our business run?" Or can we spin it off to disks or tapes and keep it out of the way? Nowadays, we revel in Big Data. We have tons of information about everything readily accessible. But the question remains — how much is really necessary?

The more you collect, the more you must protect. When was the last time you ran a thorough data inventory update and challenged the folks who "need" those reams of details to justify their retention online based on regular business processes? That kind of applied skepticism was routine back when we were still queuing up open reel tapes** to keep all that stuff.

According to the Beazley report, attacks in the most recent period came in all flavors: phishing as an attack vector accounted for 36% of all ransomware incidents***, followed by Remote Desktop Protocol at 27%, unknown vector at 21%, and software vulnerabilities at 15%. Ransomware attacks were up a bit, but the professional services sector was a "continuous target" for fraudulent instruction schemes. Other minor types of incursions dropped off by a few percentage points, but the tide is rising once more.

Perhaps the pithiest summary we have heard on this topic comes from, of all people, the tennis star Martina Navratilova: "Security used to be an inconvenience sometimes, but now it's a necessity all the time." As Beazley reminds us, the contest never ends; it just changes emphasis.

*I ran IT for a regional TPA back in 1978 using less long-term memory than I have today on one thumb drive.

**Dig this — our daily system backup in 1987 was open reel tapes in a fireproof filing cabinet. Hey, it never got hacked.

***See also Advisen's recent update on the growth in phishing attacks (Advisen Front Page News).