How Cyber Defenders Can Defeat Cybercriminals

February 24, 2024

The more value that people and businesses store online, the more attractive cyberattacks will become to modern criminals. And those criminals adapt fast; during the pandemic, increases in online crime were as dramatic as they were immediate. By April 2020, just a month after COVID-19 first became a household name, the FBI was already reporting a 400% rise in cybercrime.

Four years later, with new technologies in the cybercriminals’ toolkit, the threat to businesses and the public remains high. Just weeks ago, a company in Hong Kong lost US$25.6 million because one of its finance workers was successfully targeted with an AI-powered scam.

The worker had been invited to attend a video conference call, also joined (he thought) by several of his colleagues, including the Chief Financial Officer of the company. In fact, everyone else on the call was a criminal, using AI to impersonate his colleagues through deepfake technology. Because the voice and digital appearance of every other person accurately and convincingly mimicked the finance worker’s actual colleagues, he followed their instructions to transfer millions of dollars of company wealth to an external account.

This kind of story may seem unusual, but there is every reason to believe it will grow more common in the months and years to come, as deepfake and generative AI technology become more advanced and widespread.

In 2023, the global average cost of a data breach in 2023 was US$4.45 million, a 15% increase from just 3 years earlier. To remain competitive in this information age, companies will clearly need to invest not only in increased digital capability, but also in defensive measures to guard against cyber criminality.

From phishing and other online scams, to malicious URL links, to ransomware and DDoS attacks, to data-siphoning malware, to rogue employees with an axe to grind, digital security threats are both numerous and complex. But they can be dealt with successfully, by proactively taking the right approach. That approach should include the following elements:

  1. A Secure Digital Foundation

Companies should begin embedding cybersecurity protocols into software and hardware during the early development stages, rather than just adding an outer layer of security at the end of the process. By integrating safeguards at every operational stage, it becomes much easier to reduce vulnerabilities during both product development and usage.

  1. Cooperation Between Public and Private Sectors

Cyber threats are global problems that demand real expertise and resources to develop effective security solutions. Collaboration across sectors is key to addressing challenges like high costs and limited resources.

  1. The Focused Application of AI and Data

AI’s power lies in analyzing vast telemetry data, identifying small signals overlooked by humans. This results in more accurate attack pattern detection, reducing false positives. Proactive threat prediction, enabled by AI-driven analysis, can also identify potential threats, allowing for automated responses to both attempted and successful security breaches.

  1. Continuous Talent Development 

Diverse skill sets are essential for effective cybersecurity. Organizations must actively seek talent with varied perspectives, backgrounds, and experiences to improve their overall cybersecurity posture. They should also provide frequent and detailed training to all personnel who handle company data. People, as scammers have known for a long time, are the weakest link in almost every security system.

Know your limits

Businesses should be aware of their own capabilities, and where those capabilities fall short. If a company’s own internal computer network is not secure enough to protect sensitive data against a determined attacker, then it should consider either upgrading their systems or storing much of that data on cloud-based servers run by industry leaders. The company should also compartmentalize access to that data, so that the damage done by a single security breach would remain limited.

There is also an increasingly well-developed body of regulation surrounding the collection, sharing, and storage of data — particularly the personal information of visitors to company websites. Such legal initiatives go a long way toward protecting user data, and companies should follow the spirit of those regulations even for data that isn’t strictly protected by law. It is when companies begin to act complacently, and take shortcuts with their data security, that major vulnerabilities appear.

Businesses should commit to developing and maintaining healthier data protection practices in all areas. Sustained progress in such efforts requires discipline, but is rewarded over the long term by the absence of costly security breaches.

The evolving landscape of cybersecurity demands a multifaceted approach. By embracing the strategies outlined above, the business community can fortify its digital infrastructure against cyber threats, while also paving the way for a more resilient, secure, and connected world. Large and small companies alike have important roles to play in this journey — as data security is everybody’s concern, and cybercriminals will pursue opportunities wherever they can be found.

It is in everyone’s interest to create a world where crime doesn’t pay. So moving forward, let’s all put more effort into data security, on both a personal and professional level. Our goal should be the responsible use of well-designed systems, guided by an ongoing alertness to potential threats. The more secure we become, the more we all can prosper, and fulfill the true potential of this wondrous age of invention.

Share this article

Subscribe to InnoHub!

Stay updated and inspired

เรานำข้อมูลมาใช้เพื่อการส่งมอบคอนเทนต์และบริการอย่างเหมาะสม เราจะปกป้องความเป็นส่วนตัวของคุณ คุณสามารถอ่านข้อมูลเพิ่มเติมได้ที่ Privacy Policy และคลิกสมัครเพื่อดำเนินการต่อ