Cyber Security has risen in importance in recent years. We read every day in the media of the latest cyber exploit, and these are only the ones that are reported. It is rumoured that many ransomware attacks are quietly settled with a payment, because the victims would rather pay than live with the damage to their business reputation that admitting to a successful attack would bring.
Here are some things that you need to take into consideration when assessing your security environment.
The scale of the problem
Cybercrime will cost the world about $US 6 Trillion per year by 2021. It was $US 3 Trillion in 2015. This is greater than the trade of illegal drugs worldwide.
The direct effects include data and IP theft, theft of money and embezzlement. Indirect costs include reputational harm, loss of productivity during systems recovery and restoration, and the costs of investigating how it happened and plugging the leak.
In 2016 alone, personal and financial information from over one billion accounts worldwide was stolen or otherwise abstracted.
It’s not just big business: over 40% of all cyber-attacks are aimed at small business. In addition, 95% of all breached personal information came from three industries: government, retail, and technology.
Some commentators further refine it to Financial Services, Healthcare, and Government.
If you operate in any of these areas, and particularly if you are a small business, you need to take security seriously.
It is commonly thought that most hacking takes place from an external source. That is patently untrue. The FBI considers that most hacks come from an internal source, either deliberately or by a user mistake. Some commentators put the figure at over 90%.
Common mistakes are responding to phishing emails or leaving desktops in open areas unattended while they are still operational and unsecured.
Having said that, large-scale DDoS attacks increased by 500% in 2018.
As pointed out above, the three most likely candidates for a hacking attack are healthcare, financial services, and public services. This is now spreading to any business that offers online purchasing and which retains customer financial data.
There are some surprising places where data is stored. For example, Facebook and Google allow inline purchases and retain credit card details. Both have been hacked and had data stolen.
Security breaches by Employees
The FBI reckons that most data breaches are a result of user action or inaction. It can be inadvertent or deliberate, but the result is the same. One method is to use flash drives to copy confidential information and remove it from the site, or to introduce malware to the corporate network. A more recent variant is to use offline cloud storage like OneDrive and Dropbox to copy information that can be accessed from outside the organisation.
In financial services, account management is a definite area to be monitored. Wells Fargo suffered heavy losses because of insiders creating fake loan accounts for existing customers.
You need to keep your security team and all users educated on security matters and keep them up to date. You also need a policy on the use of removable media and offline storage.
Have you already been hacked?
The ideal result for a thief is to break in, steal the information and get out again without being detected. This gives them time to use the data or to sell it on to a third party.
Though it might be difficult to believe, most companies take up to six months to detect a data breach.
Take Cyber Security Seriously
Like training, cybersecurity is often an afterthought and is the first to be trimmed when the budget is under strain. This should not happen. The effects of a serious attack could kill the company.
You need a cybersecurity plan, an incident response plan, and a comprehensive education and training programme for all employees.
Are Cryptocurrency and Blockchain the answer?
No. Crypto crime is a booming industry. It is predicted that by 2021 over 70% of all cryptocurrency transactions will be for unlawful activity.
Currently, there is a seeming lack of emphasis on security in business, and this needs to change. The IBM CEO has said that “Cybercrime is the greatest threat to every company in the world”.
Take it seriously.