According to a new report released by cybersecurity analyst Canalys, 2020 saw more data breaches than the past 15 years combined, even as businesses increased their overall security spending by 10%. At first glance, that may seem confusing. After all, if companies invested record amounts in cybersecurity, wouldn’t one expect fewer attacks?
Ordinarily, yes.
The problem isn’t that businesses aren’t investing in security. It’s that they aren’t investing enough. Because of the widespread digital transformation that resulted from COVID-19, businesses increased their technology spending almost across the board. Per Canalys:
- Spending on cloud infrastructure services increased by 33%.
- Spending on cloud software services increased by 20%.
- Notebook PC shipments increased by 17%.
- Sales of home WiFi routers increased by more than 40%.
In other words, even though businesses did put a bit more of their budgets into security, their true priorities were elsewhere. And that’s an enormous problem. Even though 2020 did see record-breaking growth in the cybercrime space, the pandemic didn’t impact that growth as much people seem to think.
“Every year marks another ‘worst year ever’ for cyberattacks around the world,” reads a piece published in BBC Storyworks. “The reality is that many executives just don’t understand what they’re up against.”
For context, that article was published in 2017. Four years ago. And almost nothing has changed since then.
Business leaders still aren’t taking security seriously enough. Executives still don’t fully grasp the risks their organizations face. And critical data — everything from healthcare information to proprietary blueprints — is still under threat from every angle.
Even companies like Microsoft, which are meant to serve as an example to the rest of us, seem to treat cybersecurity with a “do it later” attitude. We’ll stress again that the company knew about the catastrophic security vulnerabilities in Microsoft Exchange for months before it even revealed the issue to the public. That scenario recently went from bad to worse.
As reported by Ars Technica, ransomware distributors are now targeting Microsoft Exchange in record volumes. And Bleeping Computer further notes that WannaCry has experienced a resurgence over the past year, with several new variants in the wild that lack the old version’s kill switch. And amidst all this, a black hat has misappropriated the name of analyst Krebs On Security, creating a new breed of malware.
The message is clear as day. Criminals are ramping up their efforts and putting more time and money into executing successful attacks. Unless businesses start at least attempting to keep pace, there’s a very good chance that 2021 will be even worse than 2020.
We are living in a digital world. Maybe back in the nineties, businesses could get away with slacking on network security. But today, they no longer have that luxury.
Cybersecurity needs to be a priority — because the alternative is a world none of us wants to live in.