Enterprise Security: A Look Back at 2018
Cyber criminals have continued to score “wins” with the revelation of every new corporate data breach. Data breaches have become almost-daily news items, in large part because there’s been a significant uptick in the number of incidents, and more companies are more diligently reporting them. Previously, research showed almost 80 percent of breaches went unreported, or in some cases the company that was the victim didn’t even realize that it had happened. In today’s digital age, cyber criminals continue to evolve and change tactics to secretly gain access to companies’ networks and sensitive data. It’s a 24/7/365 challenge for enterprise security professionals to keep up with the right mix and layers of technologies that can help them proactively recognize potential threats―before they happen.
As 2018 draws to a close, we want to take time to reflect on the influences that helped shape the ongoing evolution of enterprise security.
In looking back at this past year, if we wanted to sum up enterprise security in a single sentence, then it might read like this: Companies worked hard, tried hard, but just weren’t totally effective. While the fraudsters have gotten more sophisticated in their approaches, the efforts to stop them have also ramped up. However, there’s a general acknowledgement in the security world that even the best solutions, with the maximum number of layers, are still going to get pierced. Companies continue to try different technologies and protocols, but will also continue searching for multiple and improved ways to stop these threats.
The key enterprise-security issues and impacts from 2018 worth noting were:
- What Was Old Was Still New, Just Sharper with More Sophistication―It’s the same old stuff: data breaches, compromised credentials and ransomware. Fraudsters repurposed their strategies, but honed their tactics to further evade security measures. Their ultimate intents were still the same whether it was to steal information, access money, damage a company’s reputation, or just impede an organization’s ability to do business.
- Hackers Weren’t Bored Teenage Kids, But Organized Crime Rings―Cyber criminals weren’t just teenage kids sitting in their basements on mom and dad’s computer trying to hack into bank accounts to get $100 or $1,000 at a time. There were a number of indications that many hackers were part of organized crime rings who, if they could gain access to 1,000 credit card numbers or 1,000 names and social security numbers, could easily monetize that information in the Dark Web environment― sometimes at higher values than fraudulent financial transactions. Cyber theft turned into big, big business―and very organized business at that.
- Banks and Financial Institutions Were No Longer the Big Targets―As stated above, criminals realized the value of credentials on the Dark Web, and they didn’t seem to be fussy about where they came from. Five years ago, when you heard that banks, financial institutions and, in turn retailers, were compromised, you could understand the logic in these attacks. However, insurance companies, airlines, restaurants and social networks have become targets as well―giving new meaning to brand trust and loyalty.
In 2018, we saw encouraging signs that companies across the industry spectrum are devoting more time and resources to shoring up their enterprise security. We expect that diligence to continue into the new year. In our next blog post, we’ll help security professionals and corporate leadership prepare as much as possible with our perspective on what trends lie ahead in 2019.