The primary targets at the moment are valuable data (that can be resold), and ransoms that block organisations access to their data until a ransom is paid. The general picture of 2016 is of increased success of cyber-attacks on businesses with greater costs to those attacked and greater profits to cyber-criminals.
We assume the cyber-attack figures also include B2B use of cyber-attacks to modify competitive advantage. Any such use of cyber-attacks in this manner as part of business competitive rivalry (in the same manner as cyber-attacks nation to nation) is not yet well documented in the research into levels of cyber-attacks.
Taking an over view, in 2016 according to Radware,
- 98% of US businesses suffered cyber-attacks in 2016
- 49% of US businesses suffered cyber-ransomware attacks
- Cyber-attacks are becoming smarter with multiple cyber-attacks packaged together and including ransomware
- Cyber attacks typically cost twice what organizations expect
- Cyber-attacks now hide in the systems that are used to provide secure business transactions (SSL, https etc)
- Cyber-attacks aimed at denial of IT services to businesses is becoming more sophisticated
Management Take Aways
- Your business will have cyber-attacks and many will be successful
- Protecting against cyber-attack paths now requires looking at cyber-attacks in terms of whole of business risk management
- Improved business response to the cyber-attack environment will require more sophistication.
- Traditional IT security is not enough to protect against smarter, targeted, or non-malware cyber-attacks
- Each successful cyber-attack will cost more than management expects
Resources
Radware's 2016–2017 Global Application & Network Security Report can be downloaded from https://www.radware.com/ert-report-2016/