It’s an unfortunate truth that human activity attracts pests. Farmers have been waging war against insects and rodents for almost 10,000 years. Merchants and sailors have traditionally shared quarters with fleas, weevils and rats. These days, as businesses become increasingly enmeshed in the digital economy, opportunities are created for a new breed of pests. If we gave them a scientific name, it might be Rattus cybercriminalus. Their numbers, sadly, are growing, aided by the rapid implementation of technologies that provide companies with competitive edge, and crooks with a thousand new ways to sneak into the barn. Although there are many encouraging long-term plans in place, such as the application of analytics, machine learning and artificial intelligence to security, the outlook for combating cybercrime is anything but rosy. So what can we do, in the meantime, to safeguard our precious data? How can we build and maintain secure ERP environments, given our need for agility, flexibility, and data sharing? The first step is to not bury your head in the sand. Cybercrime is highly profitable, and everyone is at risk.
2017: Ransomware – and WorseLast year was a banner year for cyber criminals, who dominated the news with attacks such as WannaCry and NotPetya. In May, WannaCry spread across the Internet at record speed – 230,000 computers in just 48 hours. The attack infected Britain’s National Health Service, diverting ambulances and forcing the cancellation of approximately 20,000 appointments and operations. This was, perhaps, the largest demonstration of real-life consequences from cybercrime to date. In June, 2017, NotPetya hit the news, spreading even faster than WannaCry, and carrying a more malicious payload. At first believed to be a ransomware attack, it was later determined that NotPetya’s ransomware functionality camouflaged its true purpose – the wholesale destruction of data. NotPetya crippled Danish shipping giant A.P. Moller-Maersk, which moves about twenty percent of the world’s freight. Tens of thousands of Maersk’s computers and servers were turned into junk. The company’s operations were impacted in four countries, creating havoc and port congestion for weeks, and contributing to a $264-million quarterly loss despite rising revenues. Maersk was not alone – well-known companies such as Merck and Fedex were similarly, if not as dramatically, compromised by NotPetya. In September of last year, a security breach at credit reporting company Equifax exposed the Social Security numbers, addresses and even credit card numbers of approximately 147 million Americans. According to Reuters, the Equifax breach could ultimately cost over $600 million – perhaps the most costly cybercrime in corporate history.
The True Cost of CybercrimeGlobally, cybercrime is predicted to be an annual six-trillion-dollar drain on the global economy by 2021 – surpassing the global profits made from all illegal drug sales combined. And while a $264-million loss such as Maersk sustained is enormous, it needs to be remembered that not all the damage shows up in the ledger. Although Maersk appears to have survived the storm, some businesses never recover from a data breach. Reputational damage, as well as loss of perceived value, can seriously undermine a company’s appeal to investors and partners. It can also erode the value of a brand, especially when confidential customer information is stolen. Cybercrime is not always about profit. Beyond theft, extortion and reputational damage, the motives for cybercrime may include business interruption, industrial espionage, and the infiltration of critical infrastructure.
2018 - Expanding Opportunities for CybercrimeMost experts predict that ransomware and other cybercrimes will continue to proliferate in 2018. I’m of the opinion that cybercrime is thriving for two main reasons. First off, opportunity attracts pests, and the explosive growth of networked devices – expected to grow to 20 billion in 2020 – is expanding the opportunities for cybercrime beyond our current ability to control. At the same time, competition is heating up, and companies are investing heavily – and rapidly – to stay at the top of their game. In the rush to improve, cybersecurity is sometimes taken for granted, other times forgotten, ignored, or put off till later. Matters are made worse by a growing cybersecurity skills gap. By 2019, experts project a global shortage of two-million cybersecurity professionals.
An Asymmetrical BattlefieldOne of the biggest challenges for cybersecurity is a phenomenon known as “asymmetry”. Imagine fighting a war in which you know very little about your enemy’s capabilities, but they know everything about yours. Hackers and cybercrooks have access to all the same software, technology and services that we do. They can install the same anti-virus and anti-malware software that we rely on, as well as firewalls and other layers of protection and protocol – and then pick away at them until a vulnerability is revealed. We, on the other hand, know very little about them – we are forced to guess what they’ll do next, and hope that we’re prepared.
A Silver Bullet?Sorry folks, there is no silver bullet, not yet, anyways. There are, however, ways to protect your business. To start with, it’s important to never underestimate the risks, nor over-estimate your IT team’s abilities. Keep in mind that your Cloud, mobile and IoT deployments could easily come under the cross hairs of sophisticated cyber criminals. When it comes to ransomware attacks, remember that paying the ransom is not a guarantee of retrieving your data. Make certain you have a robust plan for system and data recovery, including daily back-ups. Plan your back-up and recovery systems around business realities. If your business won’t survive 24 hours without 12 months of accessible data, make sure you can recover a year’s worth of information in the specified time. For companies making plans for the implementation of ERP (or any networked business system), make cybersecurity a primary consideration – not an afterthought. Undergoing digital transformation without sufficient attention to security is an open invitation to thieves. If you'd like more information on how to protect your business data as it relates to ERP, please contact us.