The cyber risk landscape continues to evolve at an alarming rate. Cyber adversaries are leveraging new technologies to innovate powerful malware variants and new hacking techniques. On the other hand, a pervasive cybersecurity talent shortage hampers organizations’ efforts to secure their critical infrastructure and data from attacks. However, companies can mitigate the chronic shortage of knowledgeable cybersecurity professionals by prioritizing talent, expertise, and experience over the traditional hiring practices, including those that require minimum educational qualifications.

E-commerce platforms and sites are hot targets for attacks and breaches since cybercriminals consider them as treasure troves of financial, personal, and business data. Regardless of the business size, a breach of an e-commerce platform can cause huge financial losses by destroying customer trust, lawsuits, and stolen data. eCommerce businesses are mindful of the security issues facing them and have increased spending on security measures. A 2020 VMWare Carbon Black Cybersecurity Outlook Report revealed that 77% of companies included in the study have invested in new security measures, whereas 69% have hired more security personnel.

"For every lock, there is someone trying to pick it, or break it." - David Bernstein

One of the biggest problems with traditional user ID and password login is the need to maintain a password database. Whether encrypted or not, if the database is captured it provides an attacker with a source to verify their guesses at speeds limited only by their hardware resources. Given enough time, a captured password database will fall.

As processing speeds of CPUs increase, brute force attacks have become a real threat. GPGPU cracking can produce more than 500,000,000 passwords per second even on lower end gaming hardware. Depending on the software, it can take as little as 160 seconds to crack a 14-character alphanumeric password. A password database alone does not stand a chance against such methods when it is a real target of interest.

“The knock-on effect of a data breach can be devastating for a company. When customers start taking their business—and their money—elsewhere, that can be a real body blow.” – Christopher Graham

In January 2021, we witnessed the largest ransomware demand in history: the $50 million ransom demand from Acer by REvil gang. Although the actual amount paid will be considerably less then the original demand it is still extremely lucrative for cybercrimals.