The World’s Third-Largest Economy Has Bad Intentions — and It’s Only Getting Bigger

Move over, Japan and Germany. The global cyber crime economy – a $9.5 trillion behemoth – represents the world’s third-largest economy by GDP, according to Cybersecurity Ventures, trailing only the US and China. Populated by bad actors, the World Economic Forum describes it as “the dark underbelly of the digital era.”

Although these cyber criminals are scattered around the globe, they form a well-oiled franchise in aggregate, with ransom money paid by victims and distributed into the recruiting, R&D, ransomware negotiations, bitcoin laundering, and malware and encrypter development that enable the next attack. Corporations are stuck in the middle of this unvirtuous circle, and the large-scale migration of workloads to the cloud has increased the surface area for attacks, compounding the risk.

Check Point’s 2023 Cloud Security Report, a survey of 1,052 cyber security professionals, found that 39% of respondents ran more than half of their workloads in the cloud; a year from now, that figure is expected to reach 58%. Multi-cloud environments are becoming more common, with 72% of respondents using at least three separate solutions to configure their cloud policies, while 26% of respondents used 20 or more security solutions.

Relying on the native security tools provided by cloud service providers (CSPs) is insufficient, as these basic solutions aren’t tailored to automatically protect a company’s critical workload across the enterprise – and patchwork, off-the-shelf systems do not deter hackers.

When workloads are dispersed across multiple clouds, and “shadow IT” teams deploy new projects without security team awareness, the difficulty of safeguarding workloads increases dramatically.

“The minute you have unknown cloud deployments creating variables that should be protected by your security program but aren’t, you’re introducing risks,” says Pete Nicoletti, Global Chief Information Security Officer, Americas, for Check Point Software. “When you don’t have awareness of an issue that should be in your risk register – with an appropriate compensating control – it makes you more vulnerable.”

The $9.5 trillion “profit” realized by cyber criminals has to come from somewhere. Nearly one-quarter (24%) of organizations surveyed for the 2023 Cloud Security Report said that they’d experienced a public cloud-related security incident in the previous 12 months. Not even governments are safe: In 2023, a China-based espionage group infiltrated multiple agencies in the US and Western Europe, forging authentication tokens to hack into email accounts. The CSP only learned of it when they were notified by a client: the US National Security Council.

Earlier this year, Microsoft revealed that the state-sponsored Russian organization Midnight Blizzard used a password spray attack to compromise email and corporate systems. Microsoft recently stated that the group has used “information initially exfiltrated from our corporate email systems to gain, or attempt to gain, unauthorized access” to source code and internal systems.

High-profile breaches like these are a reminder that the bad guys are getting better and native CSP tools are not good enough. “The minute they scan and spot something unprotected, like a default password in use or an unpatched application or OS, they’re going to attack it,” Nicoletti explains. “It can be compromised in seconds.”

Security professionals are aware of these risks, obviously, but the speed of business often leads to sloppiness. In the race to support business initiatives, security teams are often left out of the review process, leading to business units leveraging the cloud without looping in the security department.

Such shadow IT efforts result in exposed data. “You can’t deploy workloads and corporate data on the cloud that is not immediately protected,” Nicoletti says, emphasizing that “advanced tools exist to not only identify but automatically protect new workloads in seconds.”

Cloud security programs and policies are most effective when all of a company’s security systems – email, data center firewalls, endpoint protection, virtual firewalls – can be viewed on one dashboard that offers a single source of truth.

“It should easily extend the same firewall rules and policies that you use on your headquarters’ firewalls, and use the same workflow process, the same runbooks and easily support forensics,” says Nicoletti. “This also optimizes incident management.”

Security staff are more productive and make fewer errors when a single security console is used, and this approach can save the enterprise money in licensing, training and certifications while improving job satisfaction and reducing turnover. Other benefits of advanced cloud security tools include their ability to successfully manage threat feeds, and their rapid response to zero-day malware threats, against which countermeasures are automatically deployed.

A comprehensive platform, such as a cloud-native application protection platform (CNAPP), can provide visibility of an organization’s entire cloud infrastructure across multiple providers, securing applications from development to production, while providing peace of mind. Indeed, 90% of respondents surveyed by Check Point’s Cloud Security Report consider a single dashboard – a streamlined view that helps mitigate risk and identify operational efficiency – to be helpful.

“Check Point can be the backstop for all of these different vulnerable environments and products that are out there,” says Nicoletti. “You used to only need one security vendor, but in the case of vulnerable CSPs, and other vulnerable security vendors, you need to be watching the watchers and implement a prevention-first mindset.”