The art of war in the cybersecurity era

Image of padlock against circuit board/cybersecurity background
(Image credit: Future)

The view that a hacker is nothing more than a hoodie-wearing teenager with too much time on their hands is woefully outdated. Today, hackers are much more likely to be highly sophisticated cybercriminals that work within large, well-funded (and increasingly state-funded) operations. This has shifted the motivation for an attack from simple mischief making to financial. In fact, research shows that almost two-thirds (63%) of all data breaches now intend to extort money from companies and individuals.

About the author

Jake Moore is a cyber security specialist at ESET UK.

As they become increasingly financially motivated, cyberattacks on businesses have become near inevitable. It is no longer a case of if, but when. With attackers all over the world working on this professionally 24/7, it would be naïve for the leader of any business, large or small, to believe they will not be hit with a targeted attack at some time.

With the average cost of a data breach now reaching an eye-watering all-time high of $4.24 million, executives need to take the threat seriously and start treating the financial fall-out – ransom payments, fines, data loss, and insurance – as a cost of doing business and allocate funds accordingly.

The sums still need to be done on the other side of the balance sheet too, though. Our recent survey found that just 42% of businesses factor in the total cost of ownership (TCO) when purchasing security solutions. In addition to the upfront cost of the solution, many were not factoring in costs such as energy usage, performance efficiencies, cost of downtime, maintenance, upgrades and replacements.

Knowing the enemy

“If you know the enemy and know yourself, you need not fear the result of a hundred battles. If you know yourself but not the enemy, for every victory gained you will also suffer a defeat. If you know neither the enemy nor yourself, you will succumb in every battle.” Sun Tzu, The Art of War.

This may be a quote from the 5th century BC, but it still resonates today. It is time to get ahead of the problem and know the enemy.

The risk of a cyberattack and the financial ramifications are now higher than ever; since the General Data Protection Regulation came into force in 2018, corporations face fines of up to 4% cent of their annual global revenues if they fall victim to a data breach. This can lead to major punishments for businesses – in 2020, British Airways were slapped with a £20 million fine for a breach involving 400,000 customers, and the ICO issued a £18.4 million penalty to Marriott Hotels in the same year following a similar incident.

To stay one step ahead, Threat Intelligence should be used as an integral part of the cybersecurity armory brought in by organizations to help protect them from attacks. In order to manage risks, organizations need more than just information about what's happening on their own network. The latest information on the threat landscape helps better prevent attacks, even before they strike. However, it can be difficult for organizations – who access information only within their own networks – to detect the increasingly sophisticated cyberattacks of today.

Luckily, Threat Intelligence reports and feeds are available from respected cybersecurity companies, who by their very nature, have access to thousands of sources. It is a case of safety in numbers. You can lean upon their ability to provide in-depth, up-to-date global knowledge about specific threats and changing attack vectors.

Being properly prepared

Unfortunately, cybercrime is becoming a fact of life. It is a highly lucrative enterprise, and as criminals continue to force ransoms out of victims, the business cycle continues, meaning more companies will inevitably be attacked. Ignorance is not a strong enough argument in 2022 and more must be done to protect data.

Having access to the latest information on the threat landscape helps organizations better prevent attacks, even before they strike. This can help reduce the attack surface and reduce the likelihood of a successful breach.

By treating cybersecurity as a cost center and investing in intelligence, organizations can avoid far more costly remediation costs and reputational damage downstream. The more time and money invested into the protection of data here and now, the smaller the risk and the fines should a company be attacked down the line.

As Benjamin Franklin famously said: “Fail to prepare, prepare to fail”. By better understanding their enemy, companies can create robust systems that help protect, mitigate and investigate security problems, so that business continuity remains unaffected.

At TechRadar, we've featured the best business VPN.

Jake Moore

Jake Moore is a cyber security specialist at ESET UK. He is also a well respected industry expert who regularly comments on a range of cyber stories in publications such as The Guardian, The BBC, The Independent and Forbes. He is usually asked to give his opinion, advice and analysis on stories featuring a security or technology angle.