Prevention, response, and recovery are the key to mitigating ransom threats in our daily lives.
Cyber attacks put everyone at risk by compromising the data that runs the world and cost companies millions of dollars. Simon Taylor, founder and CEO, HYCU, shares how organizations can take steps to prepare, react and recover from a breach without paying a ransom.
Ransomware is the most significant cyber threat faced by private and government organizations. These organizations manage crucial data, from healthcare to education to infrastructure. Cybercriminals accessing and holding that data for ransom threaten our everyday activities and potentially our lives. The key to mitigating that threat is prevention, response and recovery.
Data is our most valuable and exploitable asset. Our society relies on it to survive, and losing data costs money and reduces global security. Each company plays a role in the endeavor to secure this vital asset.
How much damage do cyber attacks cause? Take a look at these statistics.
Each time an organization pays a ransom, it emboldens cybercriminals. Being prepared to recover data in case of attack prevents the need for payments and removes the financial incentive for the hackers.
Hacking has become incredibly easy. Ransomware as a service means people don’t have to write code to execute an attack. With more bad actors out there, taking immediate precautions to protect your data is imperative. Organizations can take these steps to help prevent a breach:
Training employees may be the most vital step. Stanford University research found that employee mistakes cause 88% of data breaches. Company leaders must take the time to educate their staff about phishing and other security threats and implement best practices to prevent them.
With the current state of cybercrime, anti-intrusion measures matter. But don’t stop there. Prepare your organization to respond in the inevitable event of a breach.
Breaches are expensive – the longer your system is down, the more it costs your organization in time, lost revenue and resources – not to mention the risk of being unable to access crucial data. But you can keep criminals from accessing your most valuable assets and set yourself up to recover and restore your data quickly with the right backup and recovery strategies. Let’s look at the necessary steps: Under the cloud shared responsibility model, in an enterprise that runs and manages its own IT infrastructure on-premise, IT staff is responsible for the security, as well as the applications and data that run on it. That means your cloud service stores your data but places the responsibility on you to protect it. Bringing in a third party to look after your data can ensure you have the proper steps and policies in place to recover lost data. When backing up your data, you need to understand where it is backed up and if you have immutable storage where no one can access it. One standard to adopt is the 3-2-1 rule: your data should be backed up three times on two different media (on an appliance and in the cloud, for example) with at least one backup offsite. You should also periodically check to ensure your critical information is, in fact, stored. Many companies may be surprised to learn they can’t recover their data, even if it is backed up. A backup system is only as strong as the recovery plan. Your data may be lost without one. If you are hacked and decide to pay the ransom, should the hacker actually return access, there is a significant amount of cleanup required, including removing hacked files and inspecting databases in addition to restoring the data. That process can cause extensive system downtime and drive up the costs of the attack. If you don’t pay a hacker, rebuilding your network from backups is not a quick operation without a restoration process. This process requires a pre-planned step-by-step procedure to retrieve and restore your data. 
This strategy significantly cuts the time needed to get your system up and running. You might consider three restoration infrastructures: software, appliance, or Backup as a Service (BaaS). Using software involves in-house deployment of backup software. Third-party appliances combine the software and hardware components necessary to back up data within one device. Backup as a Service provides automated, no-maintenance backups. Each infrastructure has its pros and cons, but Backup as a Service can make a recovery from offsite backups faster and simpler than the other solutions. It also reduces the amount of regular backup maintenance required from your organization’s IT department.
Your disaster recovery process is not a set-it-and-forget-it strategy. You need to write out the plan. Set a schedule to update the process based on business needs and IT environment changes. Don’t forget to test it to ensure you can execute the plan during a worst-case scenario.
For the cyber ecosystem to work together to stop global cybercrime, organizations need to focus on quantifying what steps they can and should take to avoid paying a ransom. Multiple free services are available that evaluate your company’s readiness to respond to an attack and identify gaps in backup and recovery processes so you can address them.
We are all in this fight together. Ensuring you can recover your data without paying a ransom saves you significant time and money and removes the incentive for criminals to continue their attacks. It will take all of us to end the global scourge of ransomware and make the world a safer place for everyone.
How are you upgrading your cyber attack response strategy? Tell us on Facebook, Twitter, and LinkedIn.
Kids, it’s time to have “the talk” with your parents and grandparents.
Cybercrime cost Americans over 50 nearly $3 billion last year, a whopping 62% increase from 2020, according to the FBI’s 2021 Elder Fraud Report. In fact, the number of victims could be much higher, as seniors are also less likely to report fraud, says the FBI. This is supported by figures from the FTC, which show that while 44% of younger people in their 20’s reported losing money to fraud, only 20% of those in their 70’s did the same.
The risks are wide-ranging, from fraudulent phone calls to phishing attempts via email, texts to social media messages, or shopping scams designed to dupe seniors out of their savings. The pandemic played a role here, too, believes Michael Jabbara, Visa’s vice president and global head of fraud services.
“It’s no surprise we’ve seen a massive shift over the years towards digital transactions, but with this shift there’s also an increased focus from fraudsters,” says Jabbara. “This is especially true for elder individuals who may be a target because of a lack of technical sophistication and because they don’t always report these crimes to authorities.”
Jabbara says “grandparent scams” are still a popular attack method. “This is where a fraudster spoofs a relative’s phone number and sends a message asking for money due to a medical emergency or text books, or whatever the case may be,” he said.
Jabbara says Visa has invested more than $9 billion in anti-fraud measures over the last five years, including the use of artificial intelligence and advanced data analytics, “to ensure we’re keeping our network safe and secure across the globe.”
“Fraudsters are able to glean those personal details the grandparent posted pictures on Facebook or Instagram, allowing them to craft a very believable message,” Jabbara said.
“Or in other cases, a family member’s account is hacked and a fraudster gets access to their email, they’ll target an elder family member with a similar plea for money or help. They play on their emotions.”
Seniors also pay out more. Disturbing data published by cybersecurity company Comparitech shows that while the average loss from those in their ‘was $324, it jumps to $426 for victims in their 60’s, $635 among 70-somethings, and a staggering median loss of $1,300 among those in their 80’s.
Daniel Markuson, digital privacy expert with NordVPN, a leading Virtual Private Network (VPN) provider, see below, says its recent survey found that 84% of Americans have experienced a form of “social engineering,” where fraudsters attempt to fool you into divulging confidential or personal information.
“Phishing scams are one of the most common tactics among cybercriminals, designed to trick people into clicking on links that download malicious files often containing a virus,” explains Markuson. “So, one of the main tips we have for seniors is to be cautious and question everything they receive from unknown senders.”
Markuson says often there are grammar mistakes in the email you received, a sense of urgency to confirm your details, or a strange-looking email domain.
When it comes to protecting our loved ones, letting them know about these risks plays a big role. Jabbara says one of the best practices to fight back is to have a “tech check-in” with aging relatives, to go over these assorted tips.
Share with care: Limit how much personal information you share online. Set your social media profiles to private. If someone asks to connect with you on social media, only accept their request if you know them.
Be wary of “emergencies”: Your family or friends can easily be hacked to send out emails or text messages claiming to be urgently in need of cash or gift cards, scamming you out of money or gift cards.
When in doubt, just ask: If you really think it could be your daughter or grandson reaching out, don’t confirm by replying to the message you received. Instead, reach out in another fashion, such as calling them. Chances are, it’s fake. Block and report the fraudulent message.
Lock your devices: Use a passcode or fingerprint to lock your phone or tablet. If you have a computer, use a strong password that’s at least 12 characters long.
Shop safer: Always use a secure Internet connection when making a purchase. Reputable websites use technologies such as SSL (Secure Sockets Layer) that encrypt data during transmission. You will see a little padlock icon in your browser (and usually “https” at the front of your address bar) to confirm it’s a secure connection. Only shop on sites that take secure payment methods, such as credit cards.
Enable multifactor authentication: When it comes to logging into your online accounts, add a second layer of defense by enabling multifactor authentication, sometimes referred to as “two-factor authentication.” This means you not only need a password or passcode (or biometrics logon, like a fingerprint or facial scan) to confirm it’s you, but also a one-time code you’ll receive on your mobile phone to type in.
Install good cybersecurity software: Just as you wouldn’t leave the front door to your home unlocked, you shouldn’t let your tech be vulnerable to attacks, whether it’s a virus or other malicious software, called “malware,” that sneaks onto your device or caused by being tricked into giving out sensitive information. Good antimalware that’s updated often can identify, quarantine, delete and report any suspicious activity coming into your computer or flag sensitive info going out.
“Seniors have more important things to do than worry about being protected online,” says Gagan Singh, executive vice president and chief product and revenue officer for cybersecurity company McAfee.
A just-announced tool called McAfee+, from $49.99/first year, then $139.99/year after that, was created to make it easy for everyone to confidently live life online no matter how much or little they know about technology and online threats including identity theft.
“Our new product lineup includes tools that help people prevent identity theft and credit fraud, including credit monitoring, credit lock, removing their personal data online, identity monitoring, and website safety notifications,” says Singh.
Resist free wireless Internet at, say, a coffee shop or in an airport. It’s best to wait until you’re on a secured Internet connection at home, or use your smartphone as a personal hotspot, which is safer than public Wi-Fi. If you must use a hotspot, never conduct any financial transactions – like online banking, trading or shopping – as you never know if your information is being tracked and logged.
A VPN conceals your online identity by using encryption technology, therefore what you do and where you go online cannot be seen by your service provider, the government, search engine, browser company, social media sites, advertisers and malicious types.
“VPN is an easy-to-use tool that helps users to make sure their network is secure at all times,” confirms Markuson. “For seniors, who sometimes find it hard to keep up with latest technology and cybersecurity trends, it is a perfect solution [as] VPN not only helps to stay safe while using public Wi-Fi, it also makes sure user’s private data is safe from snooping.”
NordVPN can be purchased starting at $3.69/month with a two-year subscription that includes three months for free.
Follow Marc on Twitter for his “Tech Tip of the Day” posts: @marc_saltzman. Email him or subscribe to his Tech It Out podcast.
The views and opinions expressed in this column are the author’s and do not necessarily reflect those of USA TODAY.
Blockbuster hacks are no longer the norm – causing problems for companies trying to track down small-scale crime
Cybercrime is often thought of on a relatively large scale. Massive breaches lead to painful financial losses, bankrupting companies and causing untold embarrassment, splashed across the front pages of news websites worldwide.
That’s unsurprising: cyber events typically cost businesses around $200,000, according to cybersecurity firm the Cyentia Institute. One in 10 of those victims suffer losses of more than $20 million, with some reaching $100 million or more.
That’s big money – but there’s plenty of loot out there for cybercriminals willing to aim lower. In 2021, the Internet Crime Complaint Center (IC3) received 847,376 complaints – reports by cybercrime victims – totaling losses of $6.9 billion. Averaged out, each victim lost $8,143.
Many identity thefts and online scams, however, net perpetrators even less: just a few hundred dollars. For just $25, cybercriminals can purchase a cloned VISA or Mastercard, plus its PIN. That card data opens a treasure trove for criminals, including locally purchasing gift cards, or other fencible commodities such as electronics and jewelry sold off at a discount.
“Criminals have two primary goals: making money and staying out of harm’s way,” says Nick Biasini, head of outreach at Cisco Talos. Cybercrime provides an attractive avenue for both.
“The inherent risk associated with committing cybercrime-fueled fraud is far lower than selling drugs or other types of crime. Additionally, the margins are far better. A criminal can turn a small investment into big profits simply from buying stolen information and using it to commit some form of fraud. During the pandemic unemployment fraud has been a lucrative favorite of criminals. Plus by keeping the monetary values lower they are less likely to draw the attention of state and federal authorities.”
A growing problem for local law enforcement
Cyber criminals can attack virtually anyone from virtually anywhere, and cybercrime as a service, where the non-technically minded can hire tools to hack accounts without any specialist knowledge, has become commonplace. Even organized crime syndicates in Spain and Italy are getting into the game.
Federal authorities, usually alerted by IC3, put their scarce resources toward solving large-scale crimes. They work with financial institutions or corporations most impacted by specific breaches. This means the majority of crimes – with their far smaller paydays – tend to fly under the radar.
A look at the data
But some companies are tracking the rise of small-scale cybercrime. Cisco Talos analyzes data to spot trends that help its incident response team alert customers to potential cybersecurity attacks, and then respond to and recover from breaches rapidly.
It has found that while drug felonies dropped drastically over the last eight years before stabilizing during the pandemic, cybercrime has shot up. From 2015 to 2021, the number of reported cybercrimes nearly tripled, and losses soared nearly fivefold.
“Criminals today have a far better technical understanding than they did five or ten years ago,” says Biasini. “Additionally, it shows how they really understand inherent risk, it’s just safer to commit fraud and cybercrime than it is to sell drugs. As an added bonus, they also have become proficient in cryptocurrencies, providing alternative avenues for purchasing illicit goods and money laundering.”
Source: New York Police Department
Source: IC3 2021 Internet Crime Report
An evolving challenge
If this trend continues, the emerging wave of cybercrime will look less like epic breaches and more like scamming citizens out of their tax return or signing them up for fraudulent unemployment benefits. Those two crimes already rank in the top five of identity theft types for 2021, with unemployment scams leading the pack.
How, then, can we expect local law enforcement to possibly keep up? After all, they’re already busy policing and prosecuting what most people consider ‘real world’ crimes. Cybercrime is an entirely different problem. It requires poring over data both from the criminals themselves and the victims they target with their fraud, trying to somehow build a solid, forensically sound case.
“Cisco Talos has always worked closely with local, state, and federal law enforcement organizations to help them succeed in their tasks,” says Biasini. “We are always willing and able partners to help take cybercriminals off the streets. We provide law enforcement with information we uncover during our investigations and oftentimes lend our people, processes, and technologies to help investigations already underway.”
One solution is for local law enforcement to identify staffers in their ranks with an aptitude for online sleuthing. Cybercrime units are perfect for people who have a research bent, because digital detective work is a big part of the job.
Another alternative forces are pursuing is recruiting young people from computer science programs, or tasking high schools with helping train up a new generation of defenders with the mentality and skills to turn what today is a sideline for police into a mainline function. It’s already happening worldwide: in the UK, a $7 million government program led to the creation of cybercrime units in every police force in England and Wales.
And we’re seeing it here too in the United States. Several organizations have stepped up as resources for law enforcement. Every state has at least one agency devoted to helping police fight cybercrime. And the National Computer Forensics Institute offers courses, both in-person and virtual, to train basic and advanced examiners, first responders, and prosecutors and judges.
It’s all in the aim of trying to crack down on small time cybercrime, preventing the small leaks that turn into a torrent of losses that we know about from thousands of years of history.
People have been swindled since before man created monetary systems. These aren’t new crimes; just new ways to commit them. But as cybercrime increasingly goes small-time, those on the front lines will need new and more effective ways to fight it.
Chris Stokel-Walker is a freelance technology and culture journalist and author of “YouTubers: How YouTube Shook Up TV and Created a New Generation of Stars.” His work has been published in The New York Times, The Guardian and Wired.
You’re asked about the biggest cybersecurity threats faced by business – which ones spring to mind first? Maybe it’s relentless ransomware attacks, with cyber criminals encrypting networks and demanding vast sums for a decryption key – even from hospitals. Or maybe it’s a sneaky malware attack, which lets hackers hide inside the network for months on end, stealing everything from usernames and passwords to bank details.
Both of these are on the list, for sure. These are awful attacks to experience and can cause terrible damage. But there’s another much simpler form of cyber crime that makes scammers the most money by far – and doesn’t get much attention.
The scale of business email compromise (BEC) attacks is clear: according to the FBI, the combined total lost to BEC attacks is $43 billion and counting, with attacks reported in at least 177 countries.
What makes BEC such a rich opportunity for scammers is there’s rarely a need to be a highly skilled hacker. All someone really needs is a laptop, an internet connection, a bit of patience – and some nefarious intent.
At the most basic level, all scammers need to do is find out who the boss of a company is and set up a spoofed, fake email address. From here, they send a request to an employee saying they need a financial transaction to be carried out quickly – and quietly.
It’s a very basic social-engineering attack, but often, it works. An employee keen to do as their boss demands could be quick to approve the transfer, which could be tens of thousands of dollars or more – particularly if they think they’ll be chastised for delaying an important transaction.
In more advanced cases, the attackers will break into the email of a colleague, your boss or a client and use their actual email address to request a transfer.
Not only are staff more inclined to believe something that really does come from the account of someone they know, scammers can watch inboxes, wait for a real financial transaction to be requested, then send an email from the hacked account that contains their own bank details. By the time the victim realises something is wrong, the scammers have made off with the money and are long gone.
What’s most challenging about BEC attacks is that while it’s a cyber crime that is based around abusing technology, there’s actually very little that technology or software can do to help stop attacks because it’s fundamentally a human issue.
Anti-virus software and a good email spam filter can prevent emails containing malicious links or malware from arriving in your inbox. But if a legitimate hacked account is being used to send out requests to victims using messages in emails, that’s a problem – because as far as the software is concerned, there’s nothing nefarious to detect, and it’s just another email from your boss or your colleague.
And the money isn’t stolen by clicking a link or using malware to drain an account – it’s transferred by the victim to an account they’ve been told is legitimate. No wonder it’s so hard for people to realise they’re making a mistake.
But victim blaming isn’t the answer and isn’t going to help – if anything, it will make the problem worse. What’s important in the battle against BEC attacks is ensuring that people understand what these attacks are and to have processes in place that can prevent money being transferred.
It should be explained that it’s very unlikely that your boss will email you out of the blue asking for a very urgent transfer to be made with no questions asked. And if you do have concerns, ask a colleague – or even talk to your boss to ask if the request is legitimate or not.
It might seem counterintuitive, but it’s better to be safe than sorry. Businesses should also have procedures in place around financial transactions, particularly large ones. Should a single employee be able to authorise a business transaction valued at tens of thousands of dollars? Probably not. Businesses should ensure multiple people have to approve the process – yes, it might mean transferring finances takes a little longer, but it will help ensure that money isn’t being sent to scammers and cyber criminals. That business deal can wait a few more minutes. Technology can help to a certain extent, but the reality is these attacks exploit human nature. ZDNet’s Monday Opener is our opening take on the week in tech, written by members of our editorial team.
Source: ReportLinker, Lyon, FRANCE
New York, Feb. 23, 2023 (GLOBE NEWSWIRE) — Reportlinker.com announces the release of the report “Global Defense Cyber Security Market Size, Share & Industry Trends Analysis Report By Deployment, By Type, By Offering, By Application, By Regional Outlook and Forecast, 2022 – 2028” – https://www.reportlinker.com/p06422353/?utm_source=GNW
Presently, cyber threats are more persistent, smarter and concentrated on high-value assets, which has increased the demand for a strong and high-tech cyber security system for the defense industry. Furthermore, the growing risk of cyber threats to critical infrastructure from criminal organizations and the technological enhancement in the cyber security industry are the major driving factors in its increased utilization throughout defense organizations.
A more connected defense & intelligence world would ensure that the soldiers get information with precision and in less time. But increased connectivity also means more ways for cyberattacks, data leaks, and other breaches in IT (information & technology) security. This remains the issue at the crux of modern cybersecurity problems. However, technological developments would give organizations more techniques and tools to protect themselves from any significant cyberattack on their networks. Various cybersecurity companies are introducing new and enhanced products which can aid cybersecurity professionals in defending legacy and cloud networks, which can help the defense forces to work soundly while keeping their networks safe.
COVID-19 Impact
Organizations are speeding up their digital transformation and cyber security as much of the work moves online. With this, the operational, legal, reputational, and compliance implications would be significant if the cybersecurity risk is neglected. Among these organizations, defense is one of the top sectors to adopt cyber security solutions to safeguard confidential data from cyberattacks. Many governments have increased funding for adopting cyber security in the military, which aids the government and military in blocking upcoming threats and sharing intelligence about cyber activity. The defense sector’s increasing adoption of cyber security to secure its databases and information propelled the market’s growth during the pandemic.
Market Growth Factors
Rising IT expenditure for defense
Defense IT expenses are on the rise across many developed nations. The growth of IT software, hardware, and services has brought several changes to the defense sector, including live combat surveillance, superiority in air & space, smart weapons and battlefield management in network-centric environments, and force multipliers-related software. In addition, implementing IT solutions has become significant in defense operations due to the increasing evolution in the type and occurrence of attacks globally.
The rapidly increasing usage of autonomous aircraft
The rising number of artificial intelligence applications in aircraft may require reliable and high-tech defence cyber security solutions. New technological advancements like the maintenance capability are used to defend the aircraft’s onboard systems from cyber-attacks. These new systems aid in increasing the aircraft’s defence against cyber threats and give the flight-critical abilities to verify and install multiple software and mission data files onto the aircraft. The development of such systems, which protect autonomous aircraft from cyberattack and ensure their proper, efficient operation by the military, is expected to boost the defence cybersecurity market’s growth.
Market Restraining Factors
Less awareness regarding cybersecurity
The government workforce is the first line of defence against any intrusion by offenders, criminals, or antagonistic countries. The internet has made it easier for an antagonist to attack any department, municipality, or agency of any nation. Nations with IT technology are easily targeted for malware infections or ransomware attacks. That is why attackers target under-prepared government bureaucrats with malware, email phishing scams, or stolen passwords to enter and steal confidential government data or lock up critical systems needed for services and operations. For instance, phishing scams utilize fake emails or text messages to lure individuals into clicking on sketchy website links to steal personal information.
Deployment Outlook
By deployment, the defense cyber security market is classified into on-premise and cloud. The cloud segment projected a prominent growth rate in the defense cybersecurity market in 2021. This is because cloud-based technology operates on remote system servers over the internet, which don’t require any dedicated server specialist for maintenance. The cloud-managed services are generally available as SaaS (security as a service) models with annual or monthly charges. These charges cover the monitoring, supervision of network servers, cloud storage for all data, backup recovery, system optimization, etc.
Type Outlook
On the basis of type, the defense cyber security market is divided into endpoint security, network security and content security. The endpoint security segment held the highest revenue share in the defense cyber security market in 2021. The growth is due to the increasing usage of behavioral and automation analysis for threat detection. These solutions are considered to be an essential asset of the defense sector. Also, many key players have started to invest heavily in these solutions. Hence, the rising investments, with the growing amount of data across different verticals within the defense sector have surged the segment’s market expansion in the forecasted period.
Offering Outlook
Based on offering, the defense cyber security market is bifurcated into solutions and services. The services segment held the highest revenue share in the defense cyber security market in 2021. This is due to their assistance in identifying vulnerabilities, ensuring security, and closing protection gaps, which work efficiently to prevent any cyber breach. With cyber security, organizations attain a synergistic balance from all three facets of defense in depth strategy, which are operation, people, and technology. This would support the market expansion in this segment.
Application Outlook
Based on application, the defense cyber security market is segmented into military, public utilities, communication networks and others. The military segment dominated the defense cyber security market with the maximum revenue share in 2021. This is because various defense groups can only operate efficiently if the information is shared securely. Using cyber security systems, the military can send messages, media, reports, and broadcasts while also being able to make secure calls. As a result, security officers may access needed information securely.
Regional Outlook
Region-wise, the defense cybersecurity market is analyzed across North America, Europe, Asia Pacific, and LAMEA. The North America region held the highest revenue share in the defense cyber security market in 2021. This is due to the robust presence of various market incumbents, combined with the region’s recent threats. Defense sectors in many nations across the region are increasing their spending, which has surged the requirement for defense cyber security. As many developed countries depend on the internet for their daily work and various other operations, cybersecurity applications have increased and thereby boosted the market growth in the region.
The major strategies followed by the market participants are Partnerships. Based on the analysis presented in the Cardinal matrix, AT&T, Inc., Intel Corporation and Cisco Systems, Inc. are the forerunners in the Defense Cyber Security Market. Companies such as Thales Group S.A., BAE Systems PLC, and IBM Corporation are some of the key innovators in the Defense Cyber Security Market.
The market research report covers the analysis of key stakeholders of the market. Key companies profiled in the report include Intel Corporation, AT&T Inc., IBM Corporation, BAE Systems plc, Thales Group S.A., DXC Technology Company, Cisco Systems, Inc., Raytheon Technologies Corporation (Collins Aerospace), Lockheed Martin Corporation, Northrop Grumman Corporation.
Recent Strategies Deployed in Defense Cyber Security Market
Partnerships, Collaborations and Agreements:
Nov-2022: Raytheon Technologies came into collaboration with Microsoft, a global IT technology company. This collaboration would aim to equip the aerospace and defense businesses’ employees with cloud-based tools, technologies, and platforms to increase collaboration, enhance operations and discover insights that propel larger value for customers.
Nov-2022: Lockheed Martin signed an agreement with Microsoft, a global Information technology company. This agreement would aim to help power the next generation of technology for the Department of Defense. The agreement would operate in four critical areas that include Classified Cloud Innovations, 5G.MIL Programs, and Digital Transformation.
Oct-2022: Cisco announced a partnership with DGC, a company engaged in offering cybersecurity solutions. Under this partnership, the latest cybersecurity package consists of a subset of managed security services that had been created to deliver critical data protection and risk detection abilities with the potential of coping with emerging complex cyber threats in the region.
Oct-2022: Thales announced a partnership with Monaco Cyber Sécurité, the security player in the principality. Through this partnership, Thales would bring cyber incident feedback to customers in the zone and beyond.
Jun-2022: BAE Systems teamed up with Clavister, a Europe-based cyber security specialist. This collaboration would aim to enhance the cyber security of its CV90 IFV solution. Additionally, BAE Systems and Clavister integrated its battle-proven technology and years of specialization in cyber security with the new European research and developments in AI technology.
Mar-2022: Lockheed Martin teamed up with SpiderOak Mission Systems, a U.S.-based software company that creates cybersecurity products and solutions. In this collaboration, both companies are developing and testing a zero-trust cybersecurity platform to secure data in the space data supply chain.
Feb-2022: Northrop Grumman Corporation came into an agreement with Echodyne, the radar platform company. In this agreement, the companies would work to determine additional applications for Echodyne’s line of commercially advanced radars.
Jan-2022: IBM partnered with the Cybersecurity and Infrastructure Security Agency (CISA). In this partnership, IBM would participate as an Alliance partner in the Joint Cyber Defense Collaborative and its critical mission to build a coordinated and collective defense against cybercrime.
Dec-2021: IBM formed a partnership with Du, Emirates Integrated Telecommunications Company. Under this partnership, Du would leverage IBM’s security software and solutions across its Digital Trust portfolio and its Cyber Defense Centre.
Dec-2021: Thales partnered with Du, an Emirates Integrated Telecommunications Company. The team-up would make sure Du aligns with Thales’ technology to improve the Du Cybersecurity Defense Centre and Digital Trust offering. Data breaches evolving in frequency across the digital landscape and regulatory needs mandating related compliance.
Oct-2021: Raytheon Technologies collaborated with IBM, a global hybrid cloud and AI and business services provider. In this collaboration, both companies would develop artificial intelligence, quantum, and cryptographic solutions for the intelligence, defense, and aerospace industries, including the federal government. Moreover, with the combined expertise of IBM’s breakthrough commercial research with Raytheon Technologies’ research plus defense and aerospace expertise, both companies would be able to solve challenges.
Jan-2021: Thales signed an agreement with TT Electronics, a provider of engineered electronics for performance-critical applications. Under this agreement, both companies would allow the future development of operational technology-based cybersecurity research and initiatives. This agreement makes sure TT delivers an additional level of security assurance for its aerospace, medical, industrial, and defense customers who rely on Thales to produce highly complex systems.
Feb-2020: Raytheon Company collaborated with IronNet Cybersecurity, Inc., a network security company that enables nations and enterprises to defend against emerging threats in real-time. The integrated solutions are created to be part of a combined defense portfolio for important infrastructure and national security systems and networks.
Product Launches and Expansions:
Oct-2022: BAE Systems unveiled the Viper Memory Loader Verifier II (MLV II), the latest version of maintenance ability that would decrease vulnerability to cyber-attacks for F-16 aircraft. This latest version of the product would consist of cyber-hardened aircraft mission capabilities with an open system architecture that decreases lifecycle costs.
Nov-2021: AT&T introduced a combined, controlled cybersecurity solution to help U.S. Federal agencies upgrade and secure their IT infrastructure in compliance with TIC 3.0 cybersecurity guidance. AT&T Government Trusted Internet integrates and provides fiber connectivity, security capabilities, and software-defined wide area networking (SD-WAN) technology through a single provider.
Acquisitions and Mergers:
Oct-2022: Thales acquired S21sec, a European cybersecurity company based in Spain and Portugal, and Excellium, a European cybersecurity company based in Luxembourg and Belgium. Through this acquisition, Thales would add value to the company’s cyber solutions portfolio as well as make sure S21sec and Excellium customers benefit from long-term continuity and improved high-performance solutions.
Jul-2022: Thales took over OneWelcome, a company involved in Customer Identity and Access Management. Under this acquisition, Thales would strengthen its leading place as a global cybersecurity player and a provider of trusted and secure digital identities.
Mar-2022: BAE Systems acquired Bohemia Interactive Simulations, a global software company at the forefront of simulation training solutions for military and civilian organizations. This acquisition would position BAE Systems to fulfill its customers’ evolving requirements in the quickly rising market for global military training and provide next-generation virtual systems to help the U.S. military and its allies successfully prepare for future scenarios.
Geographical Expansions:
Apr-2022: Thales expanded its business to Morocco by opening a Cyber Security Operations Center. This facility would offer real-time security against cyber-attacks in Morocco and across the African continent. With this facility, Thales strengthens its position as a cybersecurity leader with the creation of the latest security operations center across the African continent.
Feb-2022: IBM opened a new cyber-security facility in Bengaluru, India. This expansion would address the issues of its clients across the Asia Pacific region and help enterprises plan for and manage the rising threat of cyberattacks to businesses. The Center would operate as a strategic hub for IBM’s cybersecurity activities in the region, consisting of IBM Research, IBM Garage, and IBM Consulting.
About Reportlinker ReportLinker is an award-winning market research solution. Reportlinker finds and organizes the latest industry data so you get all the market research you need – instantly, in one place.
Layered, automated, deep defenses for growing distribution system vulnerabilities will be tested by an NREL-private partnership. New utility cybersecurity strategies are needed to counter sophisticated intrusions now threatening the operations of an increasingly distributed power system’s widening attack surface, security analysts agree. There are cyber vulnerabilities in “every piece of hardware and software” being added to the power system, the September 2022 Cybersecurity and Infrastructure Security Agency, or CISA, Strategic Plan 2023-25 for U.S. cybersecurity reported. Yet 2022 saw U.S. utilities propose $29.22 billion for hardware and software-dependent modernizations, the North Carolina Clean Energy Technology Center reported Feb. 1. New hardware and software can allow malicious actors to have insider access through utilities’ firewalled internet technology to vital operations technology, cyber analysts said. “No amount of traditional security will block the insider threat to critical infrastructure,” said Erfan Ibrahim, CEO and founder of independent cybersecurity consultant The Bit Bazaar. “The mindset of trusted versus untrusted users must be replaced with a new zero trust paradigm with multiple levels of authentication and monitoring,” he added. Growing “distribution system entry points” make “keeping hackers away from operations infrastructure almost unworkable,” agreed CEO Duncan Greatwood of cybersecurity provider Xage. 
But distributed resources can provide “resilience” if a distributed cybersecurity architecture “mirrors” the structure of the distribution system where they are growing to “contain and isolate intrusions before they spread to operations,” he said. New multi-level cybersecurity designs can provide both rapid automated distributed protections for distributed resources and layers of protections for core assets, cybersecurity providers said. But the new strategies remain at the concept stage and many utilities remain unwilling to take on the costs and complexities of cybersecurity modernization, analysts said. Critical infrastructure is already vulnerable to insider attacks. The 2021 Colonial Pipeline shutdown started with a leaked password, according to public reports. A 2019-2020 attack known as SUNBURST and directed against U.S. online corporate and government networks went through SolarWinds and other software vendors, CISA acknowledged. And Russia’s 2015 shutdown of Ukraine’s power system was through authenticated credentials, likely using emails, CISA also reported. In 2021, there were ransomware attacks on 14 of the 16 U.S. “critical infrastructure” sectors, including the energy sector, the FBI reported. And new vulnerabilities allowed attacks that also caused data losses, disrupted network traffic, and even denial-of-service shutdowns, according to technological and research firm Gartner. Attacks on utility OT can come through distributed solar, wind and storage installations, employee internet accounts, smart home devices, or electric vehicles, Gartner, other analysts, and the May 2021 Biden executive order requiring improved power system cybersecurity agreed. Existing Critical Infrastructure Protection, or CIP, Reliability Standards established by the North American Electric Reliability Corporation, or NERC, are inadequate, a January 2022 Notice of Proposed Rulemaking from the Federal Energy Regulatory Commission said. 
They focus only on defending the “security perimeter of networks,” the commission said. “Vendors or individuals with authorized access that are considered trustworthy might still introduce a cybersecurity risk,” the rulemaking said. The RM22-3-000 proceeding will provide direction on how to update CIP standards to better protect utilities, federal regulators added. The most recent Biden administration and FERC initiatives focused on the power sector, though utilities and system operators declined to reveal information about vulnerabilities or actual attacks. There were an “all-time high” 20,175 new OT vulnerabilities in U.S. networks identified by cybersecurity analysts in 2021, according to a 2022 assessment by cybersecurity provider Skybox Security. And faster and more frequent exploitation of new vulnerabilities in 2021 showed “cyber-criminals are now moving to capitalize on new weaknesses,” it added. A December 2021 CISA Emergency Directive recognized exploitation of a vulnerability in the Apache Log4j tool that records and scans almost all communications between online systems, the Wall Street Journal reported at the time. Downloaded millions of times, it could allow attackers to send and execute malicious code and is unlikely to be “fully ‘fixed’ for years,” cybersecurity specialist Wei Chieh Lim blogged in May 2022. The Log4j vulnerability “was so trivial it was first exploited by Minecraft gamers,” showing utilities could be unaware of “hundreds, if not thousands, of vulnerabilities,” said CEO Tony Turner of cybersecurity provider Opswright. A software bill of materials, or SBOM — an inventory of all system components — could be a solution to vulnerabilities like Log4j, cyber analysts said. SBOMs were mandated by the May 2021 Biden executive order. And SBOM best practices and minimum requirements were added in a July 2021 National Telecommunications and Information Administration report. 
But SBOMs “are only one element” in the needed cybersecurity rethinking, consultant and provider Ibrahim said. Internet technology began with firewalls and outward-facing defenses, but new distributed power systems make penetrations into the outer layers of networks almost inevitable, Ibrahim and other cybersecurity analysts said. Only a multi-faceted cybersecurity architecture throughout a utility’s operations can protect both OT’s new distributed attack surface and its vital operational core, many agreed. The most common utility cybersecurity approach is compliance with NERC CIP standards, and possibly with narrower International Society of Automation, or ISA, 62443 standards, Opswright’s Turner said. But the NERC CIP standards are being reformed and ISA standards “are narrowly focused on vulnerabilities in automation and control systems,” Turner said. A new Department of Energy “cyber-informed engineering,” initiative may offer better cybersecurity for critical infrastructure, Turner said. It proposes to “engineer out” risk “from the earliest possible phase of design” of the OT system’s cyber-defense, which is “the most optimal time to introduce both low cost and effective cybersecurity,” DOE’s paper said. Utilities need to “close the gap” between IT and OT systems, said Skybox’s Senior Technical Director David Anteliz. But the “complexity of multi-vendor technologies” and “disjointed architectures across IT and OT” increase security risk, as do increased accesses by third parties for which “less than half” of utilities have policies, a Skybox November 2021 survey found. “I can guarantee you there are people doing things in the background at utilities now,” Anteliz said. “Skybox’s answer is automation of defense-in-depth and layered architecture, which provides ongoing monitoring, visibility, understanding and response to what needs to be secured and where,” he added. 
Segmentation in the design can isolate utility control rooms and make them “vaults,” Skybox’s 2022 vulnerability trends paper said. And automated aggregation of data and system information from “every corner of the network” can inform automated reactions and provide “ongoing oversight” that allows utilities to move “from reaction to prevention,” it added. Other cybersecurity analysts have designed detailed zero trust and defense-in-depth conceptual architectures that can be applied to the U.S. power sector. The first of “four functional levels of security” is basic “network hygiene,” by establishing user access rules and priority lists, use cases, and necessary transactions, the Bit Bazaar’s Ibrahim said. Properly applied interactions can be limited “to those who need to transact,” he said. The second level is a “signature-based intrusion detection system,” or IDS, which automates the established priority lists to limit accesses to “authenticated users and a valid use case,” he said. The third level is a “context-based” IDS, which expands on the access limitations by “blocking or flagging” inadequately authenticated transactions, Ibrahim said. Those IDS function “in stealth mode,” unseen even by insiders, but every network session is monitored, and any “departure from normal transactions and rules” terminates the session, he said. Utility security incident and event management systems detect and analyze all transactions, and respond to and report those questioned or terminated, Ibrahim said. The fourth level, “endpoint security,” is overseen by automated “hypervisor” software and has three layers of protection, Ibrahim said. An intrusion may “corrupt” target applications, but the “endpoint hardware” will be protected by the hypervisor and a “last gasp message” may allow a network edge mesh or network core defenses to avoid a “cascading” OT network failure, he added. 
Mesh “is a collaborative ecosystem of tools and controls” to protect a power system’s expanding perimeter of distributed resources and vulnerable third-party devices, according to Gartner. Its “distributed security tools” offer “enhanced capabilities for detection” and “more efficient responses” to intrusions, Gartner added. Mesh cannot eliminate insiders with “legitimate credentials,” which is why utility hardware- and software-dependent system modernizations “should have multi-layer defenses and every line of new code checked,” Ibrahim said. But “if a system is compromised at its edge, like at the level of smart meters or EV chargers, mesh can respond to avoid the compromise spreading,” he said. These conceptual architectures “can increase situational awareness and control,” but most utilities are still focused on complying with NERC CIP standards to avoid fines, Opswright’s Turner said. Many utilities argue that designed cyber-defense “complexities can slow and confuse system monitoring and responses,” and that the increased security does not justify the cost, he added. It is, however, “not clear there is a better choice,” because firewalling the coming power system’s potentially millions of distributed devices “is not practical,” he said. A hierarchical zero trust architecture with a firewalled core, a monitored middle layer of gateways protecting operations and a mesh at the network’s edge is the emerging consensus solution to comprehensive OT system security, Turner, Ibrahim and others agreed. But attacks are proliferating despite federal directives and mandates and proposed provider concepts, showing more work is needed, cyber-experts and power system stakeholders agreed. Work continues in the public and private sectors to develop zero-trust tools and technologies that will enable the conceptual architectures to better defend OT for the electric power and other sectors. 
The Clean Energy Cybersecurity Accelerator, or CECA, program from DOE’s National Renewable Energy Laboratory, launched in December, is a “sandbox” for innovative cybersecurity pilot projects. It will deploy and test strategies for addressing new power system vulnerabilities introduced by clean energy technologies, the CECA website said. “U.S. critical infrastructure is increasingly targeted by adversaries,” NREL Director, Cybersecurity Research Program, Jonathan White told a January 17 CECA planning webinar. Funded by the program’s utility sponsors, which include Duke Energy, Xcel Energy and Berkshire Hathaway, or BHE, solutions will be assessed using NREL’s Advanced Research on Integrated Energy Systems, “Cyber Range,” NREL scientists told the webinar. The Cyber Range is NREL’s proprietary, up-to-20 MW renewables-powered system integrated with distributed resources like electric vehicles and batteries and built for testing innovative technologies, according to NREL. First CECA demonstrations will test Xage, Blue Ridge Networks and Sierra Nevada Corp. cyber defense approaches. BHE wants to leverage NREL’s “rigorous testing,” to find “technical solutions” and effective “fast-track technologies” to improve cyber defenses, BHE Spokesperson Jessi Strawn said. CECA will allow utilities and solution providers to “stress-test disruptive security technologies,” and give “defenders” an opportunity to “get ahead of threat actors,” added a statement from BHE Director of Security and Resilience Jeffrey Baumgartner. Duke Energy is “regularly approached by vendors who have innovative technologies” and CECA is a way to “test them in a non-live environment,” said Duke spokesperson Caroline Portillo. The opportunity is especially valuable because the tests will be “at scale in a sandbox environment,” and will be followed by technical performance assessments by participating sponsor utilities, she added. 
Results of initial tests for authenticating and authorizing distributed energy resources integrated into OT environments “will be critical” as Duke and other utilities add those resources, Portillo said. “The point of the NREL program is to build a neutral ground for solution providers and utilities to collaborate on OT cybersecurity innovations,” said Xage CEO Greatwood. “Tech companies have been frustrated by the stately pace of change in the utility business,” he added. But if “end user utilities engage” in CECA, “tech companies will gain [an] understanding of their needs” and utilities can “obtain technical validation” of solutions, he added. “Xage already has utility customers,” but this is a chance for it to demonstrate how an automated, widely-present mesh defense like Xage Fabric works “in a zero trust cybersecurity architecture for OT environments,” Greatwood said. A system “is only as secure as its weakest link” and “the weakest link in power systems with millions of distributed resources is not very secure because it offers a lot of entry points for attackers,” he said. “Mesh architecture mirrors the distributed physical architecture” and “can recognize and isolate, or at least control,” intruders without proper authorization and authentication, Greatwood added. The power system environment “is evolving” toward “growing network, infrastructure and architectural complexity,” and “vulnerabilities will persist,” Gartner observed in January 2022. But those vulnerabilities must be addressed because limiting “access to critical systems can be the greatest impediment to cyber breaches,” Ibrahim said. Building the best protections “may take time, money and a change in management processes, but those are small costs compared to the billions that can be lost from a successful intrusion,” he added. 
The report highlights the growing risk cyberattacks pose to businesses across the globe, as well as the increased financial toll these attacks are having on corporate finances. Companies are spending millions of dollars to protect their data and operations against sophisticated attacks, the survey found. The insurance industry is encountering additional pressures to protect companies against increasingly expensive disruptions and data loss, which places added pressure on the industry to protect its own profitability against potentially catastrophic business claims. “Cyber risk has risen to the same strategic level as traditional financial and operational risks, thanks to a growing realization by business that the impact can be just as severe,” Alana Muir, head of cyber at Hiscox, said in a statement. “While there has been some fluctuation over the years, cyberattacks are on the rise, so the increased focus and investment from businesses to minimize damage to their brand, operations and customers is positive.” The report is based on a survey of more than 5,100 executives, IT managers, department heads and other executives across the U.K., U.S., France, Germany, Belgium, Spain, Ireland and the Netherlands.