Cyber crime is costing businesses, and not just in terms of the bottom line. Compliance infringement is hugely expensive, and doubly so because compliance is hard to achieve, as many data breaches can be due to third-party blunders. Keeping up with regulatory and compliance requirements on a local, regional and industry level is also quite a juggling act.
In addition, should a breach occur, an organisation’s reputation can suffer serious damage. It is hard to quantify the cost of damage – it could be in the share price taking a knock, loss of trust among customers, or a decline in new business.
Actual monetary loss comes in many forms too, with the average cost of a breach in the millions, not to mention the cost of mitigation and investigation of the breach.
Businesses need to be a step ahead of cyber criminals, and a step ahead of attacks and breaches. They need to be agile, prepared and ready to react quickly to the risks to avoid these losses.
Unfortunately, avoiding a breach is extremely difficult, if not impossible. Businesses rely on technology and connectivity to function, and to share information – the currency of the new economy. The world is constantly changing and evolving, and businesses must too, or they will get left behind.
However, as business evolves, so does cyber crime. These criminals are ever more sophisticated and cunning, and adapt their schemes to the prevailing trends, to widen their nets.
John Mc Loughlin, MD of J2 Software, discusses some of these trends, and how they are driving new thinking around traditional security protocols.
‘Always on’ connectivity has become essential to doing business today, he says.
“However, in a world that relies on the ‘Internet of Things’, in which everyone and everything is connected, companies are exposed to a lot of risk. Security for today’s entities goes way beyond worms and viruses. Threats are far more advanced, sophisticated, and employ a myriad of attack vectors that weren’t even considered an option a few years ago. They are also unpredictable, and security practitioners know it is impossible to secure everything.”
In addition, issues such as consumerisation and BYOD, cloud, social media, and advanced threats, are driving the need for solutions that address the flood of new vulnerabilities that come hand in hand with these issues, he points out.
Moreover, the challenges security professionals face in dealing with these issues are complex. Each requires decisions that carry risk, as all business decisions do, and businesses need to make those decisions based on an understanding of that risk, and the associated potential and consequences.
“Think of the tidal wave of personal devices that are entering the workplace – many of which are used to perform business tasks, and store business information. How does IT now control network access, permissions, identity – and security – of these devices? This is far more difficult than in the past, where a distinct line was drawn between business and personal devices, and most employees were office bound,” says Mc Loughlin.
Now, he explains, many employees are working from home and on the go, while they are away on business trips or out of the country. With their mobility, data too becomes more mobile than ever before, and therefore harder to control. It’s become a question of securing data across a multitude of devices, in many different locations. This is a tall order by any standards.
Cloud is another issue that must be addressed. The benefits are numerous and well publicised. Cost savings, ease of use, pay for what you use, reduced capital outlays – all of these benefits have made cloud an attractive proposition, and a must-have on some level for all organisations. However, there are huge risks too. These vary across public, private and hybrid cloud, but issues of data residency, privacy and transaction integrity affect the company itself, the cloud provider and their supply chain.
Social media is also proving a hotbed of security issues, says Mc Loughlin.
“The amount of personal data that people share willingly, alongside the social network’s ability to aggregate that data, makes the unintentional exposure of sensitive data far easier. It has also given rise to social engineering, phishing and spear phishing, which are the means by which many successful breaches have succeeded. Only businesses who understand these trends, and the associated threats and risks will be able to effectively address them.”