In the world of Cybersecurity, there is one thing that I have noticed: There are a lot vendors, MSPs, MSSPs, and who else who live to cite numbers in order to put a fear factor into the eyes of their customers and prospects. The ultimate goal of this is to get them more prone to purchase their products and services. In the end, nobody really questions who got what statistic, it sounds impressive enough.
This can even be extended to the various technojargons that
are thrown out there, and the two that drive me the craziest are “Risk” and “AI”. Every Cyber vendor on this planet talks about
these two things, but nobody defines what it really means to the products and
services that they are trying to sell to you.
The latter is the worst. Vendors
keep pumping that their solutions have AI in them, but what kind of AI is being
used? How is it helping to protect the customer? These are key questions to be asked, but yet
nobody asks them.
When I write a blog and cite any kind of number or stat, I
try to provide the source and the link from where it came from. But I feel that I need to perhaps put more scarier
stats into mine, in an effort to educate you more about the realisms of just
how dangerous Cyber threats can be. Important
note here:
The numbers and stats presented in this blog come from here,
at least initially:
https://www.darkreading.com/vulnerabilities-threats/cybersecurity-risks-and-stats-this-spooky-season
Here we go:
1)
Ransomware is coming back, yet once again:
Although this threat vector is
never going to go away per se, 2022 was actually a relatively quiet year, when
compared to 2021, when all hell broke lose.
One of the most notorious hacking groups in this regard is known as “Revil”. It led the infamous supply chain attack on
Kaseya, which impacted well over 1,500+ organizations on a global basis. After this heist, the Ransomware group disappeared,
but now announced just recently it is going to make a comeback, on a scale that
has never been seen before.
2)
The Emergence of the Remote Workforce:
Ok, this is a subject that has been
beaten up to death ever since the COVID-19 pandemic hit. While the concept of working remotely is
really nothing new, COVID-19 made the unthinkable a reality. For example, the notion of the Metaverse, Web
3.0, and a 99% Remote Workforce were things that everybody thought would happen
in the middle of this decade. But, it is
happening RIGHT NOW. Nobody was really
ever ready to have everybody WFH. Of
course, there were a ton of problems, with one of the biggest ones that of the meshing
of the home networks with the business networks, leaving a lot of exposure for the
Cyberattacker to penetrate into. It seems like that (IMHO) most of these problems
have been resolved, some 66% of CISOs polled claim that new problems are always
cropping up, and that this cycle will never seem to end. Plus, the IoT has not helped the situation much
either. If people are WFH, why not make it more comfy by connecting everything together?
3)
The internal threat is going to rise:
This is something to really worry
about. We all are so worried about the
threats that are inbound from the external environment, that we are failing
quickly to pay attention to the internal threats. By this, I mean the possibilities of Insider
Attacks. We would like to think that all of our employees are honest and good,
after all they probably passed a pretty exhaustive check, right? Well, keep in mind that background checks are
just a “double check” on an employee at one point in time. There could always be a rogue employee in
your company, or the beginnings of one starting up. Unfortunately, these kinds of potential
security breaches are very difficult to find and confirm, and in fact, 84% of
CISOs polled claimed that this is going to be a top concern going into 2023
(but why isn’t it now – what’s the point of waiting until the start of next
year???).
4)
The shutdown of Critical Infrastructure:
This kind of attack has always been
there, with the most notable one being the Colonial Gas Pipeline attack. The fear so far that with war in the Ukraine
still going on, we could see a barrage of attacks that will lead to the ultimate
shutdown of our Critical Infrastructure here in the United States. Luckily nothing has happened yet, but this
could be a real problem even going into next year. My fear is that multiple US cities could be
hit, in a simultaneous attack. The
effects here will be like a nuclear war, but without the radiation being
present.
My Thoughts On This:
Well, here you have it, some Cyberattacks with their threat
variants backed up with some sort of stat just to prove how dangerous the situation
has become. Who knows when and if they
will happen at all, but if it does, I sure hope that we can recover fairly
quickly, as the effects will be nuclear like.
No comments:
Post a Comment