
Cybercrime: A clear and present danger

By Sanjaya Kumar
March 3, 2022

Over the past three decades, cybercrime has evolved from, ‘I don’t think this will happen to me,’ to, ‘I can’t believe anyone would fall for it,’ to back page mentions, to headline news. 


For many of us in the over-40 crowd, exposure to cybercrime first came in the form of unbelievable Nigerian prince emails. Another wave arrived as DoS (denial of service) attacks, which occasionally caused minor web access issues but weren’t seen as a significant threat to most people. 


Cybercrime awareness ticked up sharply last year when America experienced the high-profile Colonial Pipeline ransomware attack. Now, American infrastructure is exposed and vulnerable to risk. A new awareness that cybercrime can impact daily living is a game-changer for many.


Today, there is an escalating clear and present danger from sophisticated cyber exploits orchestrated by organized crime and adversarial governmental agencies. This poses a significant business risk for almost every organization, and many are vastly unprepared. It is no longer a matter of if you will be a victim; instead, it’s when.


Business Risk

Today, all significant businesses in all industries depend on technology and data systems. Recent shifts to cloud-based environments, interoperability, data sharing, and the use of multiple apps to conduct daily business impose an inherent risk of cybersecurity issues such as active threats, data theft, data loss and ransomware demands.


The risk has been compounded by the pandemic, exposing vulnerabilities associated with migration to remote working environments.


Last year, cybercrime became more expensive. Data breach costs increased from $3.86M in 2020 to $4.24M in 2021 per organization breached. COVID-19 had a negative impact too; the average cost of a breach was $1.07M higher when remote work was a root factor, compared to when it wasn’t.


When attacks involve healthcare, the consequences may not be only financial; they could include loss of life.


This has already happened. Last September, a female patient died when ransomware disrupted emergency care at Dusseldorf University Hospital in Germany. 


Are cybercriminals only targeting large businesses? Certainly not. According to cybersecurity expert Leia Shilobod, “Don’t kid yourself. Smaller businesses are low-hanging fruit because they don’t believe they are a target, and therefore have very loose or no security systems and protocols in place and hackers know this.” In a recent poll of small to medium-sized businesses, more than 75% have security issues, making them vulnerable to hackers, monetary loss, and a black eye to goodwill.


Government Risk

Cyberespionage, cyberterrorism and cyberwarfare are different types of threats involving attacks against governmental institutions and contractors. Over the years, the concept of attacking via computer has migrated from fictional movie fodder to a highly credible threat today. A decade ago, Leon Panetta, then U.S. Secretary of Defense, said, “a cyber-attack perpetrated by nation-states or violent extremist groups could be as destructive as the terrorist attack of 9/11.” 

Such attacks have become more common in the last two years, prompting the U.S. government to mandate enhanced compliance and security practices to remediate key known vulnerabilities.


Whether targeting businesses or governments, cyberattacks represent a clear and present danger to our economy and national security. It will get worse, as evidenced by sophisticated, well-orchestrated 2021 attacks against iconic targets like Acer, JBS Foods, Kaseya, CNA Financial, Facebook, Instagram, and LinkedIn, each defined by sheer chutzpah. Successful attacks of the future will lead to many millions of dollars of economic destruction and can cripple daily life for large swaths of people. Some estimates peg the cost of cybercrime to be in the trillions of dollars by 2025.


Cybercrime and Cyberthreat Prevention

While cybercriminals quickly pounce on security lapses, many businesses, especially healthcare institutions and governmental organizations, have been slow to implement best-of-breed risk mitigation strategies and techniques. Organizations seldom prioritize cybersecurity as much as day-to-day business interests, and while borderline understandable, inaction is a mistake analogous to playing high stakes roulette with a loaded gun. No one believes that disaster will happen to them until it happens, and then it’s too late.


Cyber hygiene is a daunting, never-ending project. Establishing a proper security posture requires resources you may not have in your budget. But you have no choice. For long-term success in either a business or governmental environment, organizations must implement a comprehensive, effective cybersecurity plan. Think of it this way: cybersecurity is like air; we all need a lungful at frequent, regular intervals.


Desmond Tutu once said, there is only one way to eat an elephant: a bite at a time. Improving your overall security posture won’t happen overnight, but your IT professionals must embrace urgency because waiting for tomorrow represents an unacceptable risk.


Operational Security Risk Exposure for Organizations

To reduce cybersecurity risk, every organization needs its IT department to assess overall systems security and search for:


  • Inadequate vulnerability management
  • Compliance gaps in standard operating protocols, procedures, and policies
  • Lack of adequate data protection with network devices and/or endpoints to mitigate data loss
  • Exposure from email and web downloads through phishing exploits
  • Inadequate risk mitigation plans


Nine Suggestions for Defending Your Organization against Cybercrime or Cyberwarfare

1. Adhere to compliance guidelines for your industry: Following a broad set of compliance standards helps mitigate the risk that could be incurred by employees, vendors, processes, or technology. These guidelines hold organizations accountable, and it is vital to adhere to compliance guidelines. If there are no mandated compliance guidelines for your industry, your best option is to implement Center for Internet Security (CIS) Controls. The CIS Controls (formerly known as Critical Security Controls) are a recommended set of actions for cyber defense that provide specific and actionable ways to stop today’s most pervasive and dangerous attacks.


2. Monitor 24/7/365 to proactively detect and protect against cyberthreats: Since you can’t predict when and where breaches will occur, your attack surface and those of your third-party vendors need continuous monitoring. It is no longer sufficient to run vulnerability scans annually or even quarterly. Your organization needs to continuously monitor system vulnerabilities and employee, contractor, and vendor behavior.


3. Use automated tools to identify potential threats: As the COVID-19 pandemic continues to impact how and where people work, your IT processes, technology and staff must use automated tools to detect misconfigured software and open ports, identify the vulnerabilities that need immediate patching, and quickly remediate all high-risk threats.


4. Minimize human error: People make mistakes. They click on links and download files they shouldn’t. No matter how many steps an organization takes to mitigate risk, employees need continual education to reduce the likelihood of an incident occurring by accident or oversight. People need to be made aware of security controls in place and be trained to operate safely within the current threat landscape.


5. Minimize transfer of data: As employees work from home, the perceived need to transfer CUI (controlled unclassified information) or PHI (protected health information) data from person-to-person and device-to-device increases. Personal devices and unsecure networks may expose your sensitive data to hackers. Use software specifically designed to determine where data resides on system endpoints and track it when in motion between devices.


6. Monitor the Dark Web: Compromised proprietary data can be financially and reputationally damaging. Saving sensitive information on unsecured devices, transmitting data over unsecured internet connections, and sharing data with non-compliant vendors can result in data breaches. Constantly monitor the Dark Web to detect your data for sale and immediately undertake appropriate remediation steps when identified. Software that monitors where your data lies will lower the risk of data exfiltration.


7. Use strong passwords: As simple as it may seem, using strong passwords is a foundation of good cyber hygiene. Studies show that 62% of internal data breaches are caused by compromised credentials. Mandate regular password changes and train your employees never to write them down or share them with others.


8. Conduct regular security audits: Put measures in place to review and assess your company’s security posture. Ensure that your current security, compliance, and integrity systems are working effectively to identify and remediate vulnerabilities. Regular audits and scans will give you peace of mind knowing your company’s data is safe.


9. Encrypt your data: Never send sensitive data unencrypted. Additionally, to protect against hackers, the data you store in databases and on servers also needs to be encrypted.


The need for effective cybersecurity is clear. The threat is present. The danger of cybercrime, cyberthreats and exploits is real. Businesses and government organizations simply cannot afford a lapse in vigilance. Organizations, their leaders, boards of directors, and trusted advisors must achieve sustained and measurable cyber-resilience programs to actively address cyberattacks.

When searching for IT solutions, prioritize technology that is simple to implement and significantly reduces your attack surface, minimizing repetitive laborious tasks, enabling you to establish replicable processes that can be easily deployed within your organization. Succeed in this, and you just may discover the elephant is neither as large, nor as intimidating, as previously thought.





Sanjaya Kumar is CEO of SureShield, Inc., a cybersecurity company. Kumar has more than 25 years of compliance and security experience.  He can be reached at skumar@sure-shield.com.
