Enterprise security firm Radware released its Global Application & Network Security Report this week, and the analysis is pretty dark: More than 90 percent of companies reported having experienced a cyberattack in 2015, the research found, despite the majority considering themselves to be either extremely or very well-prepared to protect themselves against such an occurrence.
The disconnect could lie in companies’ misunderstanding of how cyberthieves operate. That’s why PYMNTS spoke with Radware VP of Security Solutions Carl Herberger. He shed light on the corporate-minded strategies of cybercriminals in today’s digital, interconnected market.
“The thing that can be said for people who are targeting companies is that they don’t need to target the overall company; they can target just a little piece of the economic infrastructure,” explained Herberger.
It’s a strategy that points to the role of the B2B relationship in cyberattacks on corporations.
When considering this, what might first come to mind is the business email scam, a type of phishing scheme that sees a cybercriminal posing as a legitimate supplier and demanding payment for a fake invoice from a company.
“Without a doubt, it’s a very old problem,” the Radware executive said of this type of crime. “Business relationships or preferred providers are a well-known avenue for attack.”
But the concept of infiltrating a corporation via its B2B relationships is far more expansive in today’s ecosystem than just business email scams. Herberger pointed to several high-profile instances in which it appeared, from the outside, that hackers were targeting a major corporation.
Target, for example, fell victim to its infamous 2013 data breach because hackers successfully carried out an email scam on one of the retailer’s heating and ventilation vendors that had access to network credentials.
Similarly, when The New York Times website went down, also in 2013, it occurred because hackers targeted the publication’s IT supplier — not NYT's data centers themselves, said Herberger.
“The organizations receiving these attacks can’t really stop the attacks because they need this [business] relationship,” he explained. “It’s something people don’t really spend a lot of time thinking about: What would I do if I can’t use this relationship?”
The strategy of targeting B2B relationships has clearly proven effective, and according to Radware’s latest research, these crimes are not only on the rise but also becoming more sophisticated.
“It is no longer realistic to believe humans can deploy detection technologies and choreograph threat responses in real time,” the company said in a press release announcing the report earlier this week.
That’s because, as Herberger elaborated, these B2B partnerships are now going digital, too.
“What’s happened is many companies have moved online, automated, centralized and provided for quick provisioning. That, essentially, smoothes out operations,” he said. “But what they’ve essentially done is increase their requirement to be up and available, for their businesses to always be on. And, in so doing, they’ve actually inversely taken on a lot of risk.”
What that means is that businesses that are becoming more technologically advanced — automating systems, like AP and invoicing, connecting into supplier portals and using third-party accounting and banking services — are increasing their exposure to cyberthreats.
“If your economic infrastructure is all electronic, I can take you down and keep you from operating,” Herberger said.
This is an issue for all industries, too. Radware found two sectors that are particularly vulnerable to cyberattacks — and for very different reasons. The education industry, Herberger explained, can be easily infiltrated because it does not often have the money and resources to protect against and prevent attacks. The hosting sector, on the other hand, often has the resources to protect against these threats; however, the industry tends to protect itself on the outside, leaving internal operations prone to hacks.
And, said Herberger, corporate cybercrime will likely continue to rise. Whether perpetrators target a business for reasons of crime, hacktivism, espionage or warfare, the strategies they are using are, unfortunately, successful.
“There is strong evidence that this stuff works,” he said. “People should expect more of what is, essentially, effective.”