The global cost of cyberattacks is forecast to reach $8 trillion over the next five years as more and more connected devices in the Internet of Things are attached to global networks. The number of records stolen by cybercriminals is expected to reach 2.8 billion this year and rise to 5 billion by 2020.
The forecasts come from a new report by Juniper Research that bases its estimates on the ongoing integration of new devices and systems with legacy networks without taking into account overall network security.
The problem is especially acute for small and medium enterprises (SMEs) that spend an average of just $4,000 annually on cybersecurity. Juniper said it expects only “marginal increases” in spending by SMEs over the next five years.
The research firm expects ransomware to develop rapidly into simple toolkits that are available to would-be crooks for a relatively small price, creating a whole new class of software it calls ransomware-as-a-service.
Due to the nearly endless variety of security solutions available, it is no surprise that they rarely play well together. That means that a high level of expertise and manpower are needed in order to manage both new systems and the products that protect those systems.
Few SMEs can afford the cost of such integration and management, raising the likelihood that threats can be unobserved, especially when these smaller businesses face a cyberattack. Jupiter noted the development of cybersecurity programs that use machine learning to monitor network and program behavior, detecting and eliminating many anomalies automatically without professional help. Such programs may soon provide better protection for SMEs at a cost the businesses can afford.
The recent WannaCry ransomware attack illustrates the issues well. The malware attacked older versions of Microsoft desktop and server systems that had not been patched to prevent the particular method of attack the ransomware used or software that was no longer supported by Microsoft. The older software was very likely still in use either because it worked well for the businesses that used it and they saw no reason to upgrade or because these businesses did not think they needed to pay for an upgrade. Put this in the “Lessons Learned” column.