By Craig Richardson, CEO of Wynyard Group
Craig believes there are two sorts of organisations: those that have been hacked, and those that have been hacked and don’t know it yet. Every organisation has been compromised but most don’t discover it for months. It is now a question of how to have holistic and complete management of the risks, rather than a belief that you are secure because you have updated your anti-virus software.
The internet was originally developed as a way for U.S. research scientists to communicate with each other. Almost 50 years on it is now an integral part of society, used to control critical infrastructure systems like electricity, nuclear power and hospitals all over the world.
However, alongside the huge opportunity the internet presents to us, there is also great risk attached. The cyber-threat landscape is wide, sophisticated, dynamic and growing, with criminals constantly looking for new ways to manipulate the internet and use it for illicit activity. From organised criminals targeting financial services organisations to state-sponsored theft of trade secrets and terrorists targeting critical infrastructure, no company is immune to cyber-attacks.
Traditional IT perimeter defence is no longer sufficient to keep an organisation safe. Organisations face extremely sophisticated intruders who continually change the means by which they penetrate networks and conceal their work within them, as well as insiders who abuse their access rights to manipulate and steal data. Cyber-crime cannot be prevented at the perimeters of today’s large, complex and global networks, and companies need to abandon the illusion of 100 per cent IT security.
If a company has something of value to the attacker, such as personal customer information or intellectual property, it is likely that it has already been attacked. Just being connected to the internet makes an organisation a target, but having vulnerable systems heightens the risk considerably. The increasingly sophisticated practices of cyber-criminals have rendered traditional perimeter defences, including proxy, firewall, VPN, antivirus and malware tools, inadequate to protect against attacks. These capabilities protect against known threats, but today’s cyber-criminals can conquer these defences in minutes. Companies now need to detect threats inside the firewall, as they develop.
The risks to governments, businesses and citizens are growing and significant. Late last year, Target Corporation, the second largest discount retailer in the U.S., suffered a huge security theft that compromised around 40 million credit/debit cards. Target’s stock fell almost 14% in a couple of months after the news surfaced. The news of a large security theft also impacted consumer sentiment, dragging profits down by 46% year-over-year in 2013. The retailer has incurred cumulative data-breach related expenses of $146 million since the news broke, reflecting total expenses of $236 million.
Could Target’s loss of reputation have been stopped with quicker detection of the breach? If the alarm had been raised earlier it would have given the company valuable time to respond, investigate any unusual activity to counter attacks and reduce the impact.
Although cyber-threats are an ongoing problem that can never be fully eradicated, they can be successfully and effectively managed. Information-driven cyber intelligence allows organisations to assess, manage and minimise the risks of cyber-crime. Identifying cyber-threats and assessing the vulnerability of critical assets and operations puts organisations in a stronger position to find ways to reduce those risks. In this way organisations are better prepared to plan for the consequences of an attack and can better manage and minimise the risk of one occurring.
An information-driven cyber risk approach means that threats can be identified much earlier, enabling organisations to counter attacks swiftly to preserve their data and protect customers and reputations. This is essential considering that, on average, it currently takes around 230 days before a breach is detected. By this time the damage has been done and in some cases it’s irrecoverable. If an attack were detected within the first three days, the consequences would be significantly reduced. Responding quickly when an alarm is sounded is essential to prevent the compromise or loss of critical information. It provides valuable time for an organisation to understand a situation, stop the danger from spreading and manage the outcome.
The prevalence and increasing sophistication of attacks do not mean that organisations should stop investing in multiple layers of security. But they do mean that higher and stronger fences to defend against cyber-attacks should be accompanied by smart tools inside those barriers – analytics that can detect, identify and manage cyber-risk to quickly mitigate potential threats and stop attackers early on.