A golden age for hackers?

Strategy
GOLDEN AGES have always been synonymous with great wealth, inexhaustible sources of money and carefree times. Are we living in a golden age? Many companies are enjoying full order books, yet hackers are also experiencing a golden age at the moment. Thanks to the ever-increasing degree of interconnectedness and the IoT. Digitisation is enabling cyber attacks to grow ever larger, more numerous and more dangerous. How can a stop be put to the golden age for cyber criminals? How vulnerable are companies and are there strategies in place to stop the digital raids?

Hacking itself dates back to 1982

The “414s” were a group of hackers who had broken into several computer systems in America. The “business model” of hacking really began to gain traction, however, from mid-2000 and has been growing exponentially ever since. Anonymous, the Shadow Brokers, Lazarus Group, Fin7, APT28, Snake or attacks such as WannaCry, Carbanak, Moonlight Maze – these names have achieved international infamy. Within just a few days, companies today can face millions of dollars in damages – in the case of WannaCry, an affected company reported damages of USD 300 million, while, in the case of Carbanak, damages totalling USD 1 billion were purported to have been incurred by the affected banks. The “gold”, i.e. the financial benefits from these attacks, end up in unknown hands.

On a time line, we are therefore already at an advanced stage in the “golden age”. There is, however, an additional problem: we continue to offer new possibilities for hackers thanks to the high degree of digitisation in all areas of life. Is there an end in sight to the golden age? Quite the opposite – wealth and inexhaustible sources of money are enticing, leading to attacks that are increasingly diverse, complex and comprehensive. This fact has also been confirmed recently, among other things, by a study of the World Economic Forum: cyber security risks are steadily growing, both in terms of likelihood and potential for disruption, according to experts. The Allianz Risk Barometer also reflects this view: of the top 10 global business risks in 2018, cyber-related incidents such as cyber crime, system failure, and privacy violations rank second.

Cyber attacks and IT security management in 2025

If you ask IT security experts, as happened in a recent RadarServices Future Study, the trend is presented clearly in numbers: on average, the number of cyber attacks is expected to increase by 300 percent annually. 72 percent of experts also say that companies today are not yet adequately prepared for future challenges.

Will we see a rise in cyber-attacks until 2025?
How well prepared are companies for the future?

Radar Global Risk Score

The Radar Global Risk Score provides an overview of the current security situation in Europe’s economy and government landscape. It is calculated every day for each customer of RadarServices, therefore ensuring it is based on real figures. Factors such as the number of newly discovered vulnerabilities, unauthorised accesses and other security issues are included here. As the company’s customers come from almost every sector and from different countries, the anonymised risk score can be understood as a comprehensive picture of the current situation. Why is such a risk score important? It creates transparency and comparability. Only if you know exactly what threats currently exist can you take targeted countermeasures. And the success of the measures and investments made becomes visible when compared to peers.

Radar Global Risk Score – calculation

The Radar Global Risk Score is calculated using the Incident Score, the Vulnerability Score and the Throughput Score.

  • The Throughput Score measures whether a greater or smaller number of new incidents in the IT security department of an organisation are known than were closed during the same period of time.
  • The Incident Score gives the average of the weighted risk scores of all open incidents (for example, detected by log management or network flow analysis). This does not include incidents that are detected by the vulnerability analysis.
  • The Vulnerability Score indicates the weighted average of all open incidents detected during a continuous vulnerability analysis.
Radar Global Risk Score trend by industry (all countries)
Radar Global Risk Score trends by country and company size

Specifically, the risk value can range between 0 (no risk) and 10 (very high risk). The fact that the risk situation is consistently fraught in practice can be recognised by the fact that neither a country nor an industry has an average risk score of less than five. The trend lines show a clear direction across all countries and sectors: upwards. The risk scores of industrial companies, banks and insurance companies have been experiencing the biggest increase for one and a half years. The trend line for public authorities has meanwhile increased only slightly, yet it was at a very high level from the very beginning.

As an example for the countries of Germany, Austria and Switzerland, the risk score for companies with more and less than 500 employees is shown. The risk for large German companies is particularly high and rising. Another striking feature is the high risk increase among large Swiss companies. The risk development of Austrian companies is at a consistently high level.

And the future?

Growing concern is expressed in particular by the IT security experts interviewed in the RadarServices Future Study in respect of attacks on the IoT, especially the IIoT (Industrial IoT), and targeted cyber attacks on critical infrastructure that not only cost money but potentially also human lives.

This is also in line with the repeated warnings made by EU law enforcement officials that security must be taken into account when developing and implementing new systems, applications and devices. This is the case, for example, in the EU GDPR and in the current Threat Landscape Report of ENISA. How far has practice progressed in the era of IoT? It varies.

Expert survey regarding future IT security trends: IoT and critical infrastrucutre in the focus of cyber attacks

Finally, a frightening number regarding security of the modern working world: according to estimates by Lloyd’s of London, a three-day outage of several large cloud providers in the US alone could cost as much as USD 19 billion. If companies still think today that they are immune to this, they will be jolted, in the course of attacks on a cloud provider, into realising that everything is now networked with everything, and they will also experience the consequences firsthand.