Organisations across the globe, whether small, medium or large, will lose over 146 billion records between 2018 and 2023 as a result of static cyber-security spending and slow adoption of AI and predictive analytics, mostly by small businesses who form 99 percent of all organisations.
A study by Juniper Research shows that the arrival of strict data security regulations such as the GDPR and PSD2 will do little to stem the rise in the loss of data records by companies. Despite governments introducing large fines and regulatory pressure to pressurise businesses to strengthen their cyber-security protocols, the number of data records lost per annum will increase steadily every year between now and 2013.
According to the study, which is based on a survey of 48 leading cyber security companies, the number of data records lost per annum will rise from 12 billion records in 2018 to 33 billion in 2023. The bulk of data records will be lost by small businesses whose cyber-security spending will only make up 13 percent of the overall cyber-security market in 2018.
A major reason why more and more businesses are now vulnerable to newer forms of malware is that many of them are using consumer-grade products and are spending no more than £392 (US$500) per year on cyber-security products and solutions. Experts have regularly warned that mere endpoint protection cannot defend against all kinds of threats, yet low spending on cyber-security coupled with the astronomical rise in digitisation of data records by companies is making them more vulnerable than before.
"Juniper’s strategic analysis of 48 leading cyber-security companies shows that AI and predictive analytics are now table stakes for this market. These technologies need to be made available to all businesses, regardless of size," said James Moar, research author at Juniper.
The beauty of predictive analytics software is that they help organisations predict cyber-events that are most likely to occur in the near future and also to predict defensive cyber-actions which can help them repel future attacks in a hostile cyber-environment.
Predictive analysis solutions can be curated and fine-tuned as per an organisations's specific requirements to recognise patterns in the cyber-environment that are not time-based, but sequence-based, and such solutions can monitor the health of an enterprise's IT system at all times.
However, a summary document released by the Defence and Security Accelerator (DASA) recently revealed that organisations are making limited effort on predicting events related to a cyber-attack, that most cyber-defence solutions are reactive in nature, and that very few fully-developed and deployable tools exist with predictive capability.
DASA has launched a new competition to enable security firms to create new predictive cyber security solutions and has promised a £1 million to fund proof-of-concept technologies above Technology Readiness Level (TRL) 2. It hopes that the fund will enable the arrival of new predictive solutions that will bolster the cyber security of defence and security services.
Stressing on the need for organisations to adopt new measures to prevent data breaches in future, Tim Helming, director of product management at DomainTools, told SC Magazine UK that the loss of data records is just one step in the round of criminal activity.
"PII (Personally identifiable information) can be used to mount spear phishing campaigns, financial crime and fraud, including the most serious kinds such as identity theft. With this many records predicted to be available for this kind of nefarious activity, it’s of crucial importance that both organisations and individuals do their utmost in order to remain vigilant; organisations need to take every possible measure to ensure that data is protected, and consumers need to be aware of the tell-tale signs of cyber-crime should these protective measures at an enterprise level fail," he said.
Andy Norton, director of threat intelligence at Lastline, said that 146 billion data records, which are predicted to be lost by businesses between 2018 and 2023, represents about 50 percent of the people on the internet and makes it clear that everyone will be a victim of a data breach at some point. Therefore, people should follow pro-active and reactive practices at all times either to prevent a breach or to negate its after-effects.
"Whether it be a set of credentials from a social media database, credit card data from a POS infection or full-scale identity theft from a government system, we should assume that some of our data, has been or will be lost and have proactive and reactive best practices in place," he said.