According to IBM, cybercrime continues to grow at a significant pace year-over-year (4x increase in 2019 vs. 2018) despite increasing resources and attention placed on security by companies and governments.
Key findings from the IBM annual threat intelligence report out this week include:
- Of the more than 8.5 billion breached records reported in 2019, more than 85% were due to misconfigured cloud servers and other improperly configured systems.
- Operational technology (OT) targeting increased 2000% year-over-year, with more attacks on industrial control systems (ICS) and OT infrastructure than any of the prior three years.
Financial Services is still the most targeted industry, but Retail is now the second-most targeted (up from fourth last year).
The fact that the year-over-year increase in cybercrime continued in 2019 despite increasing resources and attention placed on security points to a fundamental problem with the current approach to cybersecurity. Though the mainstream cybersecurity market may encourage companies to throw more money at the problem, results suggest that this is not the answer.
Of the notable findings from the IBM report, misconfigurations as a key contributor to breaches is evidence of the decisive importance of the management of technology rather than the technology itself. Cyberhedge research supports the fact that the management of technology is a decisive factor between good and poor cyber governance. Not surprisingly, the newly released
Instead of faulting the existing technology and purchasing new products, companies can enact a more proactive approach that focuses on improving the management of existing technology. This puts more of an onus on people, policy, and process.
Regarding the ranking of top industry targets, the rise of Retail is reflective of the way in which digital transformation has taken hold of a sector increasingly battling for market share in e-commerce. The explosion of customer data and an increasing reliance on digital assets like frictionless websites and direct-to-consumer capabilities make the sector more attractive to cybercriminals. Companies like Macy’s, struggling to manage these risks, embody the challenge facing Retail overall.