The Internet of Things brings many amazing opportunities, but also a higher risk that personal and commercial information will be misused or stolen, or that critical networks will be disrupted.
Cyber security is a matter of global significance that impacts us all. It requires CEOs to give strategic direction to safeguard the business' future.
The cyber landscape is ripe for attack – there is no doubt about it. Businesses both large and small are feeling the sting from both direct and indirect attacks by cyber criminals. Whilst the rapid adoption of technology such as social, mobile and other evolving trends is exciting, traditional perimeter security models grow weaker against an onslaught of advanced attacks.
IT teams have their hands full with resourceful cyber criminals that are growing in strength and sophistication – but it is the role of Boards and CEOs to step up to the plate to govern technology and ensure the implemented defensive counter-measures are effective.
Let’s take a step back and compare corporate security to the security measures that protect your family home against targeted intrusion.
Whether your perimeter defence is as basic as a high fence and a guard dog, or as intricate as an infrared motion sensor and alarm system, the intention is consistent. These are the defences you invest time and money into, in order to secure your family and the personal possessions you hold ever so dear. These defences protect the valuable assets those long nights at the office paid for.
These are the same foolproof defences criminals have evolved to evade and bypass over generations.
Just as the lock pick gun rendered the basic household lock useless and high-strength magnetic fields bypass door and window sensors – cyber criminals develop their own tools and exploits to bypass corporate defences. A successful attack can result in intellectual property loss, identity theft, cyber espionage and indirect losses like brand and reputation damage.
The harsh reality is – it’s not a matter of ‘if’, but ‘when’ an attack will happen.
Security perimeters can and will be breached. Even more worrying, just as you might leave a spare key in a pot plant next to your front door, or a window halfway open for the inevitable moment you misplace your house keys, your business isn’t just susceptible to infiltration from outside your network – you are also liable to attack internally.
A recent study by Software Advice reveals that 39% of employees open emails they “suspect are fraudulent or contain malware”, 53% of employees lack confidence in their colleagues’ ability to “resist a phishing attack” and 61% don’t receive “ongoing security awareness training”.
This is particularly worrying feedback, considering this CIS study reveals that 35% of data breaches occur due to human negligence – with the “average loss in value to the brand ranging from $184 million to more than $332 million”.
This study by Ponemon Institute reported the resulting cost of cybercrime in Australia. A sample group of 30 organisations “experienced 47 successful attacks per week” at an annual average cost of “$4.3 million”. The average time it took to resolve a cyber-attack was “23 days” – an astounding disruption to business as usual.
The cost of cybercrime to the global economy is $445 billion per year.
A study recently conducted by Kaspersky reveals a breakdown of costs absorbed by a breached enterprise. Particularly notable is downtime up to “$1.4 million”, reputation damage up to “$204,750” and lost business opportunities up to “203,000”.
We aren’t talking petty theft here – even global financial giants and their trusting customers have been heavily impacted.
Remember the global banks cybercrime scheme? A group of hackers stole an estimated $1 billion from banks in 25 different countries. How about the JP Morgan Chase debacle led by Russian hackers that stole account data from 76 million individuals and 7 million small businesses?
Traditional defence is not enough – not against the large scale threats these bad guys are developing.
You wouldn’t give a criminal a head start in bypassing your personal security defences – why allow them access to your corporate network and customers’ data?
IT teams know it, and they’re struggling – barely able to keep their heads above water before they even get a chance to focus on “emerging threats” and targeted “social engineering exploits”, says Veracode Vice President of Research. These threats pose the “greatest danger” to organisations and require immense resources to defend all points of entry.
IT industry veteran, Russell Yardley, directs blame at boards and CEOs during a recent ISACA keynote speech, insisting, “Boards need to govern the enterprise – technology is no exception”.
It is the role of boards and CEOs to investigate, understand and engage with technology, just as they would with other business functions such as marketing and finance.
Boards and CEOs aren’t expected to be experts across all subjects. They do need to govern “decisions around risky tech deployments”, question IT teams with their own unique perspective and monitor the effectiveness of counter-measures for future decision making.
Your IT teams deserve strategic and informed top-down dialogue.
“In the end it is people that make things work, not technology”.
If there is any doubt about your company’s cyber security plans, seek advice from a cyber security expert. There are several simple steps CEOs can implement to begin to mitigate cyber risk that don’t require a large financial outlay or even high-level IT skills.