The $6 trillion Cyber Crime Industry and why we should be flossing

Alex Cheal
Oct 6, 2017

Cybercrime is a $455bn/year industry and will be worth $6 trillion by 2021. [1]

If that does not worry you, then think about this… In a study last year of 1500+ NEDs and Executives, it was found that:

98% of business leaders are not confident that their organisations can monitor all devices and users at all times, [2] and worse,

40% of these business leaders did not believe that they would be responsible for the repercussions of a cyber-attack. [2]

Indeed, the World Economic Forum has identified data fraud/theft as the 5th most significant global risk in terms of likelihood. [3]

On the IoT side, there will be some 200 billion devices (including 90% of cars [4]) connected by 2020; however, Gartner [5] advises that 25% of identified attacks against enterprises will involve IoT. Further, >85% of senior IT execs believe that 50% of IoT devices will not be secure. [6]

So yes, data breaches and security are significant…

Two years ago, IBM’s Ginni Rometty stated that “cybercrime, by definition, is the greatest threat to every profession, every industry, every company in the world”. [7] This is still true today.

Ransomware has increased by some 600% in the last 12 months (supported by a 789% rise in phishing campaigns), and the Herjavec Group estimates that this accounted for circa $1bn paid in 2016 as ransom payments to regain access to hacked systems and data. [8]

This figure is just one small piece of the puzzle and does not include the costs to identify, contain or respond to cyber-attacks — for example, the changing legislation in Europe (GDPR) [9] and Australia (NDB) [10] demonstrates the regulatory significance of data breaches. Nor does this include the reputation and brand damage incurred as a consequence of the breach, or the stock market / valuation drop that would come as a result.

Hopefully this paints a picture (albeit a rather dark one), of the very real risks that need to be addressed… so what can we do?

Well, this is where flossing comes in.

In their recent Cyber Security podcast, [11] Chris Veltsos and Paul Ferrillo describe some of the practical tools that can be implemented to mitigate the inevitable attack and data breach — there is a 27.7% chance that your company will have a recurring material data breach within the next 2 years. [12]

Cyber Hygiene is critical

Just as we all wash our hands, brush our teeth and (usually… ahem) floss.

As Veltsos and Ferrillo said: Brush, Floss, Rinse, Repeat. A lack of basic hygiene, that is, not doing the IT security basics right, will lead to significant problems; this lack of hygiene underpinned much of WannaCry’s “success”.

To put it a different way: a few thousand dollars of flossing will save millions in root canal surgery.

Audit and Response Planning underpinned by effective Internal Communication

In many instances, there can be a perception gap between the IT executive and the Directors of a company.

In planning, Boards need to know the right questions to ask their IT execs and the Execs need to ensure that they communicate in plain language and in numbers, about the risks and their impacts.

Clear internal communications are critical so that every employee and contractor knows their role and accountabilities.

Incident Response is the subject for another article, but a well-prepared and rehearsed plan is essential.

Corporate-Cultural Transformation

Companies include People, Product and Process. People come first for a reason… Cyber Security is everyone’s responsibility, but it must be led from the top and this may require Board-level education.

Changing the corporate culture and aligning it to the Board’s new vision for future cyber safety is not fire-and-forget either; it needs reinforcement, training and regular revalidation.

As Tanium and Nasdaq reported, a corporate culture of Vigilance, Openness and Innovation is critical to longer-term security in a dynamic digital environment. [2]

About Growth Hack

Growth Hack helps to bring Industry and Innovation together; bridging the gap between disruptive technologies and agile leaders. www.growth-hack.com.au


References:

1 — https://cybersecurityventures.com/hackerpocalypse-cybercrime-report-2016/

2 — https://www.recode.net/2016/4/1/11585800/bridging-the-accountability-gap-why-we-need-to-adopt-a-culture-of

3 — http://reports.weforum.org/global-risks-2017/

4 — https://iot.telefonica.com/blog/90-of-new-cars-will-be-connected-by-2020

5 — http://www.gartner.com/newsroom/id/3291817

6&7 — https://www.herjavecgroup.com/wp-content/uploads/2016/08/Hackerpocalypse.pdf

8 — https://www.forbes.com/sites/stevemorgan/2015/11/24/ibms-ceo-on-hackers-cyber-crime-is-the-greatest-threat-to-every-company-in-the-world/#4703a50473f0

9 — http://www.eugdpr.org/

10 — https://www.oaic.gov.au/engage-with-us/consultations/notifiable-data-breaches/

11 — https://soundcloud.com/securityintelligence

12 — https://www-01.ibm.com/common/ssi/cgi-bin/ssialias?htmlfid=SEL03130WWEN
