© 2023 CyberNews - Latest tech news,
product reviews, and analyses.

If you purchase via links on our site, we may receive affiliate commissions.

Should the state do more to help companies protect themselves from cyberattacks?

The cyber landscape has evolved at a rapid pace during the pandemic era, with not only the volume of attacks rising enormously but the variety and type of them also changing significantly.

Much of this evolution has been driven by the wholesale transition to remote work but factors such as Covid-related stress has also played a major role.

Despite the tremendous focus on cybersecurity, this increase in attacks has delivered. A new report from cybersecurity firm Kaspersky reveals that most key decision-makers would still like to be more proactive about cybersecurity, if only they knew just how to do so.

"Companies say the biggest obstacles to ensuring an adequate cyber protection strategy are a lack of resources and expertise internally, and, externally, the number of regulations they’re required to comply with," the report says. "These issues, coupled with the fact that traditional endpoint protection is rarely enough today to detect threats early and enable us to react accordingly, mean it becomes harder to ensure the protection of critical business assets."

Responding to the threat

Being able to respond to the changing threat landscape successfully is increasingly important. Indeed, Gartner argues that by 2024, CEOs will increasingly be held personally responsible for any cybersecurity incidents in their firms. This is especially prescient as nearly 70% of decision-makers reported that they felt concerned about falling prey to cybercriminals. This concern was pretty consistent regardless of the size of the business.

This should perhaps not be that surprising, given that 82% of respondents said that they had already experienced at least one cyberattack. Interestingly, whereas historically most of the responsibility and emphasis for cyber defense has rested on the firms themselves, many of the respondents said that they thought law enforcement agencies should be doing much more to protect them.

"When we are victims of theft in real life, the police usually come to our rescue," the authors say. "This is because we are protected by laws and rules that regulate all areas of our lives, protecting both individuals and companies from crime."

However, this doesn't tend to be the case for cybercrime, with 60% of respondents saying that they didn't receive the same level of support from the police when they were victims of cybercrime as they have when they have been victims of real-life crimes.

Lack of help

While the likes of GDPR provide a degree of protection for the personal data of individuals, most of the responsibility is placed on the shoulders of the organizations that hold that data.

This creates the situation whereby cybercriminals are increasingly looking for ways to access that data, and regulations make companies responsible when they're successful.

“There’s little wonder that 56% of the business decision-makers surveyed criticized the state support for companies in their country, saying their government provides inadequate backing or assistance to organizations impacted by cybercrime," the authors explain.

The report reveals that the majority of respondents would like to see the same level of police protection, and indeed punishment, provided for cybercrimes as we see for other types of criminal activity. Similar numbers feel it is grossly unfair that they are personally responsible and liable for any cyberattacks at their own company.

This lack of societal support is largely reflected by a perceived lack of support internally as well, with around 60% of respondents saying they didn't feel they had sufficient resources to adequately protect against cyber attacks.

A global problem

Of course, the global nature of cybercrime exacerbates the problems national law enforcement agencies face when trying to get to grips with cyber attacks. INTERPOL has attempted to overcome these challenges by creating its Global Cybercrime Programme in 2015.

Last year, the agency called upon law enforcement agencies to work more effectively together to tackle the growing ransomware problem. They argued that the more effectively agencies can share information, both on possible and actual attacks, the more effectively criminals will be brought to justice.

Cybercrime is currently a hugely underreported issue, with data from the UK suggesting that just 1.7% of all estimated attacks were reported to authorities during 2020. This obviously limits the ability of the police to do anything about it, but with the Kaspersky data suggesting a lack of confidence among companies in the ability of police to do anything meaningful, it's something of a catch 22 scenario.

While efforts from the likes of INTERPOL are certainly to be welcomed, the jury remains very much out on whether these efforts will be effective or whether cybercriminals will continue to be too nimble and evasive of any attempts at detection or prevention.

Leave a Reply

Your email address will not be published. Required fields are marked