Smart Security on Demand
Organized crime syndicates are reaping billions of dollars in revenue committing highly organized, coordinated attacks against businesses of all shapes and sizes. In fact, organized crime now gains more revenue from cybercrime than from the illegal drug trade and is on pace to eclipse all its other forms of illegal activities combined within a few years.
Combine that with the global shortage of experienced security professionals and the forecast calls for very rough weather ahead.
Experts now say that the global cost of cybercrime for reported and unreported breaches likely exceeds one trillion dollars.
Source: Multiple reports
While most estimates vary considerably, the actual reported losses in 2015 were more than $500 billion, with experts agreeing that the number of unreported losses greatly exceed that number. That puts the global cost of the cybercrime epidemic at over one trillion dollars and climbing rapidly.
Sources for advanced attack software and even technical support has become a cottage industry within the cybercriminal underworld.
Source: Trustwave SpiderLabs
Everything needed to carry out advanced attacks is available for rent somewhere on the dark web. This includes licensed exploit software, botnet command-and-control infrastructures, customized malware and evasion payload programs to help bypass perimeter security systems and attack endpoints. "Hacking-as-a-Service" is enabling criminals to go after even more lucrative targets.
Health care, retail and small business (yes, small business) are leading the way in breach activity due to weak security practices.
Source: Ponemon Institute, 2015
There is nothing new here about organized crime tactics. They prey upon the weakest and have developed highly automated tools that make targeting these businesses trivial. The notion that your business is too small to become a target is outdated and dangerous.
The average number of days that attackers are present within a network before detection.
Source: Microsoft Advanced Threat Analytics
This reflects just how poorly the majority of companies are at detecting malicious activity within their networks. This kind of latency allows attackers to move laterally throughout your network and compromise critical servers, such as domain controllers, where user credentials are captured and then used to steal sensitive data. Once that happens, it’s too late to stop them.
Ransomware-as-a-Service is rapidly emerging as a key exploit used against businesses.
Source: 2016 Trustwave Global Security Report
An unprecedented trend has emerged in which cybercriminals don't need to steal credit card data or other sensitive information. Instead they simply encrypt or otherwise co-opt a target company's data and systems, demanding payment to regain control. In 2015 an organization had its data center fully compromised and eventually paid out nearly one million dollars to the attackers.
The worldwide shortage of trained security professionals is now estimated to be at one million positions and growing.
Source: Cisco, labor statistics
By 2020, most estimates are that the global shortage of trained security personnel will be close to 1.5 million. Clearly, there has to be another approach to solving this issue, and managed security services are quickly emerging as the only effective way to get a handle on this growing problem.
2016 Trustwave Global Security Report
Trustwave Security Survival Guide for Growing Businesses
Trustwave Managed Security Services