05 Mar 2018
In today's digital world, few issues will be as critical to business success as managing the threat of cyber attack. But, are we doing enough?
“Cyber threats are one of the fastest ways to paralyze a company today," says Tej Shah, Macquarie Capital Managing Director in the Technology, Media and Telecommunications group. “They can result in permanent damage to a company’s reputation, data, intellectual property, customers and financial health.”
In fact, a recent Accenture report found that the cost of a cybercrime varies significantly, but the average malware attack for businesses surveyed took $US2.4 million to rectify with an average web-based attack costing $US2 million.
The complexity of today's networks, connecting multiple devices and services that comprises email, websites, mobile devices and cloud data storage, makes businesses even more vulnerable to cyber attack because it provides intruders many points of entry.
Despite these risks, the rewards are also higher, including client or customer data, intellectual property, sensitive information and, in extreme cases, critical infrastructure assets.
Once they have breached a network, a cyber intruder can cause serious harm to a business, as well as nation states and governments. Because of this focus on preventing a cyber attack, Gartner projects global cyber security spending will reach $US96.3 billion in 2018.
Shah argues the number of vulnerabilities and the damage a hacker can cause means every organisation should operate under the premise that they have already been, or soon will be, compromised.
Over the past eight years there have been seven billion instances of identity theft
Symantec figures show the number of identities stolen globally reached 1.1 billion in 2016, almost double the previous year's figure of 563.8 million.
While the total number of data breaches globally has declined in recent years from 1,523 in 2014 to 1,209 in 2016, the number of breaches exposing more than 10 million identities increased from 11 to 15 over the same period, Symantec found.
“Maslow's Hierarchy establishes a basic need for safety and security among individuals. The same principle applies to corporations if they are to succeed and prosper.”
Shah says the emphasis is shifting from identifying and eliminating specific threats such as viruses, to a more holistic approach that contains and minimises the damage caused by a breach.
He argues large organisations need to build their own sophisticated cyber defence teams, particularly in sectors where the highest level of data breaches occur, such as services, finance, insurance, real estate and manufacturing.
But there is an acute labour shortage in the cyber security sector.
“The unemployment rate for cybersecurity specialists globally is zero and it will stay zero for some time," Shah says.
Shah believes automation will play an important role in guarding against cyber threats, protecting a business' assets without disrupting its operations.
“Wherever there are people involved there is lag time," he says. “Automation won't eliminate people from the cyber security process but it will act as a filter so they can be more productive. One thing I think we'll get much better at is working out whether particular behaviour warrants shutting down a whole system."
Blockchain may also be a useful tool, particularly in its ability to limit one of the greatest cyber security challenges: identity theft.
"Over the past eight years there have been seven billion instances of identity theft", Shah explains. "That's nearly the population of the entire planet."
Research and advisory company Gartner projects global cyber security spending will reach $US96.3 billion in 2018, showing businesses are more focused than ever on preventing cyber attack.
Shah says all businesses should have a comprehensive approach to cyber security that starts at the board level and flows through the entire organisation.
“It's not just having the most advanced software technologies such as AI and machine learning; it's not just training; it's not just the employees. It's not even a combination of all three," he explains.
“What it ultimately comes down to is having a strategy in place that ensures you're well placed to defend any attack and react quickly. Otherwise, your business will be under threat."