Cyber Crime has been up 600% Since COVID-19. Is Your Data Secure?

 

The Covid-19 pandemic affected the world in many ways, not the least of which was a dramatic increase in cyber hacks and breached data. Cybercrime is, in fact, up nearly 600% since the pandemic started (1). Businesses of all sizes are being hurt in the process, and 43% of all data breaches involving small businesses (2) will struggle to recover. Unfortunately, many companies don’t have up-to-date cyber security protocols in place because they either don’t know how vital it is or don’t know how they should protect themselves. As a result, companies across all industries are at risk, not just technologically driven businesses. This article will give you the data and statistics showing how and why cybercrime has increased and what your company can do to protect its data.



What Is Cybersecurity?


Cybersecurity refers to how close a hacker is to breaching your security and how able they are to reach your organization’s or company’s data. Unfortunately, many organizations don’t apply security patches as they are released. Security patches are fixes to software or operating systems that protect against hacking or the spread of software viruses. When security patches come out and are not applied, hackers can learn how vulnerable your company is and how they can hack into your system. In addition, every time a security patch comes out, it highlights all the security issues it is fixing, giving the hackers even more ways to get to your data.



Background Information on Cybersecurity Statistics for 2022

 

I’ve compiled this information to show why it is essential to address your data protection and cybersecurity practices today, not tomorrow. Furthermore, you will discover that having Oracle Maximum Availability Architecture (MAA) implemented within your environment also enables you, by default, to be protected against some types of cyber threats without requiring any changes to your Oracle Databases. On top of MAA, it is also recommended to take a closer look at Oracle Maximum Security Architecture (MSA), as no single product or option fully secures your database; consequently, you will need a combination of several technologies working together to fully secure your data (at rest and in transit).

 

5% of companies are adequately protected from cyber hacks (3), so almost everyone has something to learn. Moreover, cyber-attacks are not just violating your company’s information but are costly and affect your bottom line. For example, on average, when email is compromised, it costs $24,439 per case (4), and the chances are rising yearly. Below we have listed the most common cyber-attack trends and what they mean.

 

  • Ransomware: It is a form of malware that comes from cryptovirology. It affects individuals and companies, who are threatened with having personal information or data leaked or with losing access to their data entirely (because it has been encrypted) unless a ransom is paid. In 2018, ransomware rose by 350% (5), and it is a trending form of cyber-attack that continues growing year after year. The troubling truth is that this threat becomes more dangerous every year, and many companies are at risk. What makes it worse is that many organizations do not have a proper backup or high availability strategy off-premises (like the cloud) that could help recover from this situation if necessary. It is also alarming how many organizations rely on storage replication technologies and snapshots as their primary options against a possible disaster and recovery scenario. This type of replication does not protect against ransomware because ransomware encrypts files at the storage level; all replicas and snapshots would also be encrypted, making them unusable.
  • Network and database security vulnerabilities: An organization’s network vulnerability can stem from an issue with the hardware, software, or processing system. It leads to a cyber threat infiltrating a system and often results in a security, software, or data breach.
  • Malware: Malware is software created by a hacker to damage or gain unauthorized access to a computer system or disrupt a company. Although malware can be found in texts and other online forums, 94% of malware is sent through email (4). In addition, mobile malware is undoubtedly on the rise, increasing by 500% in 2022 within Europe (6) and steadily rising ever since.
  • Social Engineering Attacks: This refers to manipulating someone through online correspondence to gain sensitive information or data. It is also called human hacking as it preys on human vulnerabilities. 98% of all cybercrimes stem from social engineering (7).
  • Phishing Attacks: Phishing attacks are a type of social engineering where the hacker starts by sending messages to the victim trying to extract sensitive information. The hacker then can spread malware or software containing viruses.
  • Pandemic: Covid-19 sent many employees home to work remotely, many of whom remain there even with the world opening back up. This puts them at risk for cyber hacks and data breaches, and even cloud breaches are increasing substantially. Cyber skills were not necessary for employees in past years. Still, when cybercrime is rising, it’s essential to give employees the required knowledge to protect themselves, as almost 95% of cybersecurity breaches (in general, not only during the pandemic) were caused by human error (8). If your business employs remote workers, your company must protect them and their work, especially all possible interactions with your data or your network.

 

Between 2020 and 2025, IT analysts who cover cyber security expect that spending on cybersecurity and services will reach well over 1 trillion dollars (9). This may seem like a high price, but when you consider what a breach does to share prices, which generally fall by 7.27% on average (10), it becomes clearer why this is so important.

 

Security in the Cloud

The need for cloud compatibility starts immediately when working on the cloud. Considering that cloud security is a shared responsibility, one should always consider (when required) the many regulatory frameworks and standards related to cloud security that are available to use, depending on your business jurisdiction and business requirements.

 

Some examples of industry-specific cloud security standards are:

 

  • PCI-DSS: PCI-DSS (Payment Card Industry Data Security Standard) is a set of security requirements for all organizations that accept or manage credit or debit card information.
  • HIPAA: HIPAA (Health Insurance Portability and Accountability Act) establishes guidelines for safeguarding all individuals’ electronic personal health information that a covered entity creates, uses, or maintains.
  • APRA: APRA (Australian Prudential Regulation Authority) operates on the assumption of zero trust concerning any emerging technology such as cloud computing. Therefore, those that use emerging technology must demonstrate that their compliance posture aligns with industry best practices.
  • GDPR: GDPR (General Data Protection Regulation) is the European Union’s data protection and privacy regulation law focusing on eight fundamental rights individuals have over their data.

 

In addition to the industry-specific cloud security standards mentioned above, security-centric frameworks will also be covered. Security-centric frameworks are independent of legal and financial regulations but are robust guidelines that organizations can use to meet specific regulatory requirements. Some examples of security-centric frameworks are:

 

  • ISO-27001/ISO 27002: The International Organization for Standardization developed the best-known standard regarding information security and compliance. It was created to assist organizations in protecting sensitive data by implementing best practices.
  • ISO-27017: It is an extension of ISO-27001 that includes clauses specific to information security for cloud contexts.
  • ISO-27018: This ISO standard tackles the security of Personally Identifiable Information (PII) in public cloud environments.
  • SOC: The System and Organization Control is a type of audit for IT organizations’ administrative procedures.
  • NIST: The National Institute of Standards and Technology is a federal agency in the United States that produces specific standards and metrics to improve competitiveness in the technological and scientific sectors.
  • CIS Critical Security Controls: Formerly called the SANS Critical Security Control, these open-source and consensus-based guidelines were created to help organizations secure their systems.

 

Next, in part II of this security article, I will discuss how you can protect your data by using Oracle MAA (Maximum Availability Architecture) and Oracle MSA (Maximum Security Architecture). Please review part II of this post here.

 


References:

 

  1. https://abcnews.go.com/Health/wireStory/latest-india-reports-largest-single-day-virus-spike-70826542
  2. https://smallbiztrends.com/2019/05/2019-small-business-cyber-attack-statistics.html
  3. https://www.varonis.com/blog/cybersecurity-statistics
  4. https://www.verizon.com/business/resources/reports/2019-data-breach-investigations-report.pdf
  5. https://www.industryweek.com/technology-and-iiot/article/22026828/cyberattacks-skyrocketed-in-2018-are-you-ready-for-2019
  6. https://www.techrepublic.com/article/mobile-malware-is-on-the-rise-know-how-to-protect-yourself-from-a-virus-or-stolen-data/#:~:text=Mobile%20malware%2C%20as%20we%20have,in%20Europe%20(Figure%20A).&text=Image%3A%20Proofpoint.,malware%20detections%20in%20February%202022.
  7. https://www.triskelelabs.com/blog/recent-developments-in-social-engineering-attacks-you-need-to-know#:~:text=According%20to%20recent%20statistics%2C%20more,through%20various%20ransoms%20and%20threats.
  8. https://blog.threatcop.com/top-5-cyber-attacks-and-security-breaches-due-to-human-error/
  9. https://cybersecurityventures.com/top-5-cybersecurity-facts-figures-predictions-and-statistics-for-2021-to-2025/
  10. https://www.forbes.com/sites/sergeiklebnikov/2019/11/06/companies-with-security-fails-dont-see-their-stocks-drop-as-much-according-to-report/?sh=43afc0ee62e0