There’s much talk about how automation and gamification are changing trucking. But could those two trends also be poised to change how the freight business and other industries defend themselves against cyberattacks?
That’s what cybersecurity firm McAfee thinks, based in part on the findings of a new report it compiled called Winning the Game. That study indicated that “concerted efforts” to increase job satisfaction, automation in security operations center (SOC) facilities and “gamification” in the workplace are key to beating cybercriminals at their own game.
“With cybersecurity breaches being the norm for organizations, we have to create a workplace that empowers cybersecurity responders to do their best work,” noted Grant Bourzikas, chief information security officer at McAfee. “Consider that nearly a quarter of respondents say that to do their job well, they need to increase their teams by a quarter; keeping our workforce engaged, educated and satisfied at work is critical to ensuring organizations do not increase complexity in the already high-stakes game against cybercrime.”
And the landscape for cyberthreats is growing, both in complexity and volume, noted McAfee. According to its survey of 300 senior security managers and 650 security professionals in public-sector and private-sector organizations with 500 or more employees in the U.S., U.K., Germany, France, Singapore, Australia and Japan, 46% of respondents believe that in the next year they will either struggle to deal with the increase of cyberthreats or that it will be impossible to defend against them.
Further complicating the competition between security responder and cybercriminal is the cybersecurity skills crisis: respondents to McAfee’s poll believe they need to increase their information technology (IT) staff by nearly a quarter (24%) to manage the threats their organizations are currently facing, while 84% admit it is difficult to attract talent and 31% say they do not actively do anything to attract new talent.
And this isn’t about putting smiley-faces on IT workers, either, as cyberattacks are having a significant and growing financial impact on businesses worldwide. According to the Cost of Cyber Crime study conducted by consulting firm Accenture and the Ponemon Institute, the average cost of cybercrime globally climbed to $11.7 million per organization, a 23% increase from the $9.5 million reported in 2016 and a “staggering” 62% increase in the last five years, the report noted.
In comparison, companies in the U.S. incurred the highest total average cost at $21.22 million while Germany experienced the most significant increase in total cybercrime costs from $7.84 million to $11.15 million.
That study, which polled 2,182 security and IT professionals in 254 organizations worldwide, uncovered a variety of disturbing cybercrime trends:
- On average, companies suffered 130 breaches per year in 2017, a 27.4% increase over 2016 and almost double what it was five years ago. Breaches are defined as core network or enterprise system infiltrations.
- Companies in the financial services and energy sectors are the worst hit, with an average annual cost of $18.28 million and $17.2 million respectively.
- The time to resolve issues is showing similar increases. Among the most time-consuming incidents are those involving malicious insiders, which take on average 50 days to mitigate while ransomware takes an average of more than 23 days.
- Malware and Web-based attacks are the two cyberattack types that inflict the most damage, with companies spending an average of $2.4 million and $2 million respectively to recover from them.
Of the nine security technologies evaluated, the highest percentage spend was on advanced perimeter controls, yet companies deploying these security solutions only realized an operational cost savings of $1 million associated with identifying and remediating cyberattacks, suggesting possible inefficiencies in the allocation of resources.
Among the most effective categories in reducing losses from cybercrime are security intelligence systems, defined as tools that ingest intelligence from various sources to help companies identify and prioritize internal and external threats, the report found.
They delivered substantial cost savings of $2.8 million, higher than all other technology types included in this study. Automation, orchestration and machine learning technologies were only deployed by 28% of organizations – the lowest of the technologies surveyed – yet provided the third highest cost savings for security technologies overall at $2.2 million.
The Accenture/Ponemon study also identified four “main impacts” on organizations from cyberattacks: business disruption, loss of information, loss of revenue and damage to equipment. The most damaging of those today is loss of information, mentioned by 43% of organizations represented in the study. In contrast, the cost of business disruption, such as business process failures following an attack, has decreased from 39% in 2015 to 33% in 2017.
“The foundation of a strong and effective security program is to identify and ‘harden’ the most high-value assets,” noted Larry Ponemon, chairman and founder of the Ponemon Institute. “While steady progress has been made in improving cyber defense, a better understanding of the cost of cybercrime could help businesses bridge the gap between their own vulnerabilities and the escalating creativity – and numbers – of threat actors.”
OK, so back to the original question: how can automation and gamification help counteract the costly, growing threat posed by cybercrime?
On the automation front, pairing human intelligence with automated tasks puts human-machine teaming into practice: automated programs handle basic security protocols while practitioners have their time freed up to proactively address unknown threats. According to McAfee’s poll:
- 81% of IT professionals believe their organization’s cybersecurity would be safer if it implemented greater automation
- A quarter say that automation frees up time to focus on innovation and value-added work
- Nearly a third (32%) of those not investing in automation say it is due to lack of in-house skills
In terms of gamification, which is the “concept of applying elements of game-playing to non-game activities,” exercises such as hackathons, capture-the-flag, red team-blue team or “bug bounty programs” are the most common, and using them helps boost awareness of cybersecurity issues and hone the skills to deal with them. In fact, respondents who report they are extremely satisfied with their jobs are most likely to work for an organization that runs games or competitions multiple times per year.
- More than half (57%) report that using games increases awareness and IT staff knowledge of how breaches can occur
- 43% say gamification enforces a teamwork culture needed for quick and effective cybersecurity
- Three-quarters (77%) of senior managers agree that their organization would be safer if they leveraged more gamification
- Almost all (96%) of those firms that said they use cybersecurity gamification in the workplace report seeing benefits
To address the shortage of skilled cybersecurity workers, McAfee’s report findings suggest that gamers, those engaged and immersed in online competitions, may be the logical next step to plugging the gap. Nearly all (92%) of respondents believe that gaming affords players experience and skills critical to cybersecurity threat hunting: logic, perseverance, an understanding of how to approach adversaries and a fresh outlook compared to traditional cybersecurity hires.
Indeed, more than three quarters (78%) of respondents say the current generation entering the workforce, who have been raised playing video games, are stronger candidates for cybersecurity roles than traditional hires.
Things to consider as the cybersecurity threats facing trucking aren’t going to diminish anytime soon.