If it seems like every week brings another high-profile corporate data breach, like the one that's plaguing Sony Pictures, there's a reason for it. Cyberattacks are on the increase, and the security pros whose job it is to lock down customer information and other sensitive data at major corporations and government agencies are becoming overwhelmed by the sophistication of the hacks.
Almost 60 percent of chief information security officers surveyed by IBM for a study published Tuesday said that their current security tools and techniques are no match for increasingly complex, multipronged intrusions. “The attackers are becoming smarter; they are using multitudes of attacks to breach perimeters,” said Jaime Giroux, head of information security at Reston, Virginia-based Maximus, which provides technology services to businesses and government agencies.
The upshot: expect more data breaches like the 2013 event that compromised about 12 million customer accounts at Target and the attack earlier this spring that put the personal data of eBay’s 145 million users at risk. According to data released Tuesday by security software vendor Malwarebytes, 82 percent of all companies have experience at least one online attack in the past year.
Research firm Gartner paints an even scarier picture. “All large enterprises are currently infected with malware,” the firm said in a recent report.
The breaches can take a big toll, both on the economy and on the individuals who have had their information stolen. Cybercrime costs the global economy $445 billion annually, according to security firm McAfee. Meanwhile, victims of identity theft often must spend months, if not years, and hundreds of dollars on undoing the damage.
Part of the problem is that carrying out cyberwarfare is getting cheaper. Hackers develop malware and, for a few bucks, can log on to the dark Web and hire testers to test it “against all known defenses,” Kris Lovejoy, general manager of IBM Security Services, said. “It has become a commodity.” Hackers have even learned to create malware that adapts in real-time to overcome defenses. “They are polymorphic in nature; they have the ability to adapt,” Lovejoy said.
Add that to the fact that enterprise networks have so many new entry points -- from social media networks to mobile devices -- that some level of vulnerability is a given. “It’s always a constant threat; it’s something we’re facing every day,” Giroux said.
The news isn’t all bad. More and more businesses are moving their tech operations into the cloud, which is essentially a collection of servers that host corporate applications and data. Cloud environments tend to be simpler to manage than the legacy systems that the cloud is replacing. And simplicity can mean better security. “The cloud offers huge hope from a security standpoint,” Lovejoy said.
But security vulnerabilities will always remain, and the consequences can be devastating. Lovejoy said consumers could lose confidence in retailers’ ability to protect their data, which could cause a big hit to the economy. But that’s the least of her worries. “I’m worried about civil disruption, which is what you would get if we ever see a major hit on the electrical grid, nuclear power plants or other critical infrastructure.”