Cybersecurity in Crisis: How to Combat the $10.5 Trillion Cybercrime Surge
October marks Cybersecurity Awareness Month, a timely reminder for businesses and individuals to revisit their digital defenses. In 2024, the stakes have never been higher. With global cybercrime costs projected to reach $10.5 trillion annually by 2025, according to Cybersecurity Ventures, organizations across industries are feeling the pressure to stay ahead of evolving threats.
This year alone, we’ve seen a staggering 57% increase in ransomware attacks, with threat actors employing more sophisticated methods to breach systems, hold data hostage, and disrupt business operations.
Perhaps most alarming is the rise of AI-enhanced cyberattacks, where malicious actors are leveraging machine learning to automate attacks, making them faster, more effective, and harder to detect. Meanwhile, the challenge of securing remote workforces continues to dominate discussions, with 43% of businesses still struggling to protect endpoints as employees access sensitive data from personal devices.
This article will share key insights from the experts helping to shape the cybersecurity landscape this year, with POVs on the most pressing challenges and forward-looking strategies to fortify defenses in 2024 and beyond.
The Impact of Outdated Metrics on Cybersecurity Strategies
"A truly comprehensive cybersecurity strategy must address both cutting-edge technologies and legacy systems. It is imperative that we do not neglect older systems and devices, as attacks often exploit overlooked legacy components. To effectively communicate this holistic approach, cybersecurity teams should focus on translating technical information into clear, concise narratives.
Rather than relying solely on industry-standard metrics like TTD, TTA, TTM, and TTR, teams should develop measurable standards that effectively highlight both the successes and resource needs of their Incident Response programs, including efforts to address tech debt and fortify legacy systems. This will ensure that organizations are better prepared to face the full spectrum of cyber threats." –Chris Gibson, CEO, FIRST
Major Companies Impacted by Data Breaches
Cybersecurity Awareness Month brings the financial impact of data breaches into sharp focus. In 2024, the average cost of a data breach soared to $4.88 million. However, companies that invested heavily in security AI and automation were able to significantly reduce their losses, saving up to $2.22 million in prevention costs.
Recognizing the immense financial burden of breaches, experts at Indusface, an application security SaaS company, set out to identify the most severe and costly data breaches that affected major organizations. Their analysis focused on the number of users impacted and tracked shifts in public interest by monitoring search trends following these incidents.
Top 10 Major Companies Impacted by the Largest Data Breaches
| Rank | Company | Industry | Users affected |
| 1 | Yahoo | Technology | 3,000,000,000 |
| 2 | Social Media | 509,458,528 | |
| 3 | Social Media | 164,611,595 | |
| 4 | Adobe | Software | 152,445,165 |
| 5 | Dropbox | Cloud Storage | 68,648,009 |
| 6 | Tumblr | Social Media | 65,469,298 |
| 7 | Trello | Project Management | 15,111,945 |
| 8 | Social Media | 6,682,453 | |
| 9 | Kickstarter | Crowdfunding / Finance | 5,176,463 |
| 10 | Snapchat | Social Media | 4,609,615 |
Venky Sundar, Founder and President of Indusface, shares must-know tips to shield your business from data leaks and breaches:
- Encrypt sensitive data: Ensure that all sensitive data, both in transit and at rest, is encrypted to prevent unauthorized access.
- Implement strong access controls: Limit access to sensitive information based on roles and enforce multi-factor authentication for added security.
- Regularly update software: Keep operating systems, applications, and security tools updated to patch vulnerabilities that could lead to data breaches. If a software update breaks systems, deploy virtual patches on the web application firewall as an emergency measure. After that you could prioritize software updates in later dev cycles.
- Conduct employee training: Educate employees on data security best practices, phishing threats, and the importance of handling sensitive information properly.
- Monitor network activity: Use intrusion detection and prevention systems to monitor network traffic and alert you of any suspicious activity.
- Backup data regularly: Maintain secure, encrypted backups of critical data to minimize damage in the event of a breach or ransomware attack.
- Enforce strong password policies: Require complex passwords and regular updates to reduce the risk of unauthorized access.
- Conduct regular security audits: Perform internal and external audits to identify and address any security gaps or vulnerabilities in your systems.
- Monitor zero-day threats: Every month hundreds of new SQLi vulnerabilities are found. Monitor these and deploy the patches. If patching needs to be delayed, deploy application specific virtual patches on the WAF layer.
- Create a mobile device action plan: To safeguard sensitive data on mobiles, require users to set strong passwords, encrypt data, and install security apps. Additionally, implement clear reporting procedures for lost or stolen devices.
- Secure Wi-Fi networks: Ensure your workplace Wi-Fi is secure, encrypted, and hidden. Disable SSID broadcasting and password-protect the router for added security.
Strengthening the Human Factor in Cyber Defense
"With 74% of all breaches in 2023 involving the human element, it's crucial to effectively teach employees how to mitigate human factors in cyber-attacks. This requires understanding two key concepts about how criminals operate: the social engineering attack cycle (information gathering, establishing relationships and rapport, exploitation, and execution) and the impact of AI on threat actors. As AI becomes widely available and social engineering increases, professionally targeted campaigns are becoming automated and even more difficult to detect, making employee education more important than ever." –Katja Dörlemann, Human Factors SIG Chair, FIRST, and Security Awareness & Communications Expert, Switch
Need expert help selecting the right tool?
With one-on-one help, we guide you to your top software options. Narrow down your software search & make a confident choice.
Vendor Risk Management
"With 54% of organizations experiencing data breaches due to third-party vendors, robust vendor risk management is essential. Organizations must conduct thorough due diligence, enforce strict security requirements in vendor contracts, and regularly audit partners' security practices. Protecting your data and systems from third-party vulnerabilities is a necessity, not an option." –Shrav Mehta, CEO, Secureframe
Mitigate Cybersecurity Risks
“As with any new technology, AI systems also bring forth new types of vulnerabilities, creating the potential for misuse by threat actors targeting companies. The design, development, and deployment of secure AI systems will play a crucial role as regulations continue to increase trust in the technology. Compliance programs are essential to minimize overall risk and safeguard inputs against threats, such as prompt injection. Additionally, they help secure the model against theft, protect data from training data poisoning, and prevent sensitive information disclosure in the outputs. Incorrect application of these measures can result in unintended consequences, including data breaches, misinformation, and overall economic losses.” –Patrick Grau, AI Security SIG Co-Chair, FIRST
Continuous Vigilance and Control Monitoring
"Proactive threat mitigation is critical, particularly for industries handling sensitive data. Organizations need a clear understanding of their risk profile and systems for quick remediation of issues. Continuous control monitoring, as emphasized by NIST, allows for timely access to security-related information, empowering leadership to make informed decisions and ensuring comprehensive coverage through a combination of automated and manual processes." –Shrav Mehta, CEO, Secureframe
Stay Ahead of Evolving Cyber Threats
"To effectively combat evolving cyber threats, we must take a multi-faceted approach: enhance threat intelligence sharing across borders, foster collaboration among organizations, and implement strategies like the CACAO method.
We also face the challenge of bad actors outpacing us in AI adoption, underscoring the need for strict adherence to ethical, moral, and legal standards. This requires rigorous testing, regulatory approvals, and a dedicated investment in understanding the ethical implications of AI to ensure responsible use.” –Chris Gibson, CEO, FIRST
Reducing Fatigue and Enhancing Compliance
To combat the overwhelming number of security alerts and reduce compliance fatigue, organizations are turning to automation and more strategic approaches. Enhancing compliance while reducing burnout among security teams is a growing priority, as consistent monitoring and enforcement of protocols can often feel relentless.
What is the importance of balancing these pressures?
"In a world where every second counts, minimizing unnecessary burdens on your team is crucial for improving security posture. Compliance automation significantly boosts efficiency by streamlining manual tasks like evidence collection and centralizing data, reducing the risk of 'audit fatigue' among employees. By automating repetitive tasks, organizations can strengthen their security posture and enable staff to focus on core responsibilities, leading to improved overall cybersecurity outcomes." –Shrav Mehta, CEO, Secureframe
Engage With Immersive Cybersecurity Training
"Cybersecurity education is most effective when it employs serious immersive games, such as Piece of Cake, which use role-play and simulations to engage participants with manipulative tactics in various security scenarios. This experiential learning approach, focusing on the human factors involved in cyberattacks, facilitates better retention and practical application of security knowledge. By addressing security challenges in a playful yet interactive manner, these methods surpass traditional, passive learning models, ensuring that cybersecurity training truly sticks in participants' minds." –Katja Dörlemann, Human Factors SIG Chair, FIRST, and Security Awareness & Communications Expert, Switch
The High Cost of SQL Injection Attacks
Ranked as the third most critical security risk by OWASP’s Top 10, SQL injection attacks pose a serious threat to an organization's data security. These attacks enable hackers to gain unauthorized access to databases, manipulate records, and extract sensitive information, which can then be sold on the dark web. The financial fallout from such breaches is substantial, with costs including regulatory fines, lost revenue, and damage to a company’s reputation.
Beyond data theft, attackers can manipulate data to disrupt business operations or even launch extortion schemes, where they threaten further damage unless a ransom is paid. The ability to alter crucial data can undermine business continuity, leading to operational delays and eroding customer trust. For companies of all sizes, the ripple effects of SQL injection attacks make them a top cybersecurity concern in 2024.
According to Venky Sundar, Founder and President of Indusface,“There are many ways to effectively prevent an SQL attack. Securing all inputs and server-side processes is the most essential. While it does help to have client-side validation, it is not sufficient against determined attackers. Here’s an 8-step comprehensive approach to prevent and mitigate SQL injection attacks:
1. Implement input validation and proper error handling to secure database interactions.
By validating user input, applications can restrict the data to expected formats and standards, reducing the risk of malicious SQL commands being executed within SQL queries and ensuring that it adheres to predefined criteria such as format, length, and range. Sanitization is different, it removes or encodes potentially harmful characters from the input.
Example (using PHP and filter_var):
$username = filter_var($_POST['username'], FILTER_SANITIZE_STRING);
2. Use parameterized queries and prepared statements to prevent malicious SQL input.
Mitigating SQL injection attacks requires secure coding practices. Developers should use parameterized queries and prepared statements to ensure user inputs are never executed as SQL code.
Another effective coding practice to mitigate the risk of SQL injection is parameterized statements. These separate user inputs from the SQL query, which removes the need for manual escaping, ensuring that user inputs are treated as data, which prevents any potentially malicious code from being executed. The database system identifies placeholders, securing user inputs during execution.
Example (using Python and SQLite):
cursor.execute("SELECT * FROM users WHERE username = ? AND password = ?", (user_input, password_input))
Placeholders (?) are used instead of inserting user inputs directly into the SQL query for values provided later. The query is executed with placeholders as the initial argument and a tuple of actual values (for example, user_input and password_input) as the second. During execution, the database securely binds these inputs as data, not part of the SQL query, preventing any SQL injection attacks.
3. Maintain Applications and Databases.
SQL injection vulnerabilities in applications and databases are frequently discovered and publicly disclosed. To mitigate the risk, organizations must stay informed about vulnerability updates and vendor announcements, ensuring that patches or updates are applied promptly.
To prevent SQL injections, all elements of a web application must be regularly monitored and updated, including database servers, frameworks, libraries, plugins, APIs, and web server software. For organizations facing challenges with timely patching, investing in a patch management solution can help alleviate the workload for IT and development teams by streamlining the update process.
4. Monitor Application and Database Interactions and Communications.
Organizations should implement continuous monitoring of SQL statements in database-connected applications, focusing on activity related to accounts, prepared statements, and stored procedures. This enables the timely detection of rogue SQL statements and vulnerabilities, allowing administrators to mitigate risks by removing unnecessary components.
Integrating machine learning and behavioral analysis through tools like Privileged Access Management (PAM) and Security Incident and Event Management (SIEM) further strengthens protection against SQL injection and other database threats.
5. Deploy Web Application Firewalls (WAFs).
A Web Application Firewall (WAF) serves as a critical layer of security by monitoring and filtering incoming HTTP traffic, which helps identify and block any potential SQL injection attempts and other malicious activities. Through customizable rules, WAFs detect specific attack patterns, providing an additional safeguard for applications.
In organizations facing challenges such as outdated code, resource constraints for testing, and frequent application updates, a WAF can be especially beneficial. Immediate code fixes aren’t always feasible for organizations, so WAFs enable virtual patching, which offers temporary protection against known vulnerabilities while allowing time for proper updates.
They can also log and alert administrators to suspicious activity, providing insights into potential threats and enabling timely responses.
6. Use Stored Procedures In the Database.
Implementing stored procedures can add a layer of protection by isolating the database from direct user interaction, reducing the risk of certain exploitations. Rather than executing SQL code directly on the database, the application triggers stored procedures, which then return the results. Stored procedures also require variable binding, which further enhances security by ensuring user inputs are handled appropriately.
However, it's important to note that stored procedures are not entirely immune to SQL injection vulnerabilities, especially if dynamic SQL generation is employed within the procedure.
7. Regularly patch and update your SQL Servers.
Keeping SQL Servers up to date with the latest cumulative and security patches is essential for maintaining security and system performance. Regular updates reduce vulnerabilities and enhance system stability, but it's critical to test these updates in a non-production environment before deployment to avoid compatibility or performance issues.
Automated tools like Windows Server Update Services (WSUS) can streamline the update process, though manual testing and troubleshooting remain key practices.
If patching cannot be prioritized immediately, deploy virtual patches on the WAF. These are compensatory controls that buy time for your team until they are ready to patch on code.
By staying current with patches and addressing potential issues proactively, organizations can minimize risks and ensure the ongoing integrity of their SQL Server environments.
8. Educate employees and developers on secure coding practices and attack prevention.
To further mitigate the risks of an SQL injection on your organization, it’s essential to demonstrate to developers the potential impact of SQL injection attacks on both the database and the application. Utilizing tools such as sqlmap or sqlninja can effectively showcase how easily SQL injection vulnerabilities can be exploited to extract data, execute commands, or perform other malicious actions on a database.
Lastly, providing real-world examples of SQL injection attacks that have led to significant data breaches, financial losses, or reputational harm can further underscore the risks.”
Takeaways
As we observe Cybersecurity Awareness Month, it's evident that the landscape of digital threats continues to evolve, demanding proactive measures from businesses.
The insights shared by our experts remind us that staying ahead of cyber risks involves a blend of technology, vigilance, and collaboration. From AI-enhanced attacks to legacy vulnerabilities, the challenges are real and growing. But with the right strategies, continuous education, and a commitment to robust defenses, we can strengthen our resilience against the ever-changing tide of cyber threats.
Cybersecurity is not just an IT issue—it's a shared responsibility that requires ongoing adaptation and awareness to keep our digital environments secure.
Subscribe to The CTO Club's newsletter for more cybersecurity best practices, tips, and tools.
