
Cyber Security Series – The CEO Institute

Daniel Weis, our Lead Penetration Tester and Head of Security Services, was honoured to be involved in a series of cyber security vlogs for The CEO Institute. Below is part 1 of the series, titled ‘Why We Need IT Security’.

Daniel Weis, Lead Penetration Tester and Head of Security Services at Kiandra IT

Why do we need IT security? In today’s modern world, IT security is paramount. New attacks occur every day, [and] they come from any number of different sources. We need IT security to identify the threats to our businesses and to eliminate risks, and of course to eliminate those threats as well. For compliance reasons, a lot of companies now need to comply with all sorts of different compliance requirements and of course to instil confidence for your clients, for your customers.

For availability and data security reasons – and because of the rapid growth of hacktivism and these Anonymous-type hacking groups as well – we face a whole bunch of challenges when it comes to IT security, like internet environment complexity and new technologies, new threats, and new exploits that seem to be coming out every single day.

There’s always a limited focus on security, generally speaking, [and] those onsite IT guys have limited security expertise. They don’t have the expertise necessary to accurately defend an organisation from attackers. Limited funding is of course another hurdle, and unreported incidents. We know a lot of companies don’t report that they’ve been hacked, because either they don’t know or because they’re scared of the effects on the company’s reputation.

If we look at some of the stats for last year, we saw around 4.2 billion breached records last year. We also saw around 4,100 reported breaches. This equates to around about 79 breaches per week being reported. We saw 1,093 breach incidents in the U.S., 44 major breaches here in Australia, and, for 52% of those breaches, the number of records that were compromised was unknown, which means a lot of these organisations actually have no idea how bad the hack was or is.

If you look at the Ponemon Cost of Cybercrime study, it shows us that the average cost for an Australian business that gets hacked is anywhere from around about the $900,000 mark up to $6.6 million, with the average you can expect to pay if you get hacked being around the two and a half million dollar mark.

So if we look at some of the stats for this year, this year’s been one of the worst years on record when it comes to cyber attacks. Looking at the stats going up to July this year alone, we already saw 940+ reported breaches and around three billion+ breached records. We’re actually up around the seven or eight billion mark now.

We’ve also seen a massive increase in state-sponsored attacks, particularly from China, Russia and North Korea. We also saw the WikiLeaks Vault 7 leaks that got released this year. The Vault 7 leaks were basically a collection of around about 8,700 classified CIA documents. They outlined all the details about their different hacking and spying operations; everything from the different malware and viruses and tools through to all the different extensive documentation that they had as well.

This gave birth to these new ransomware campaigns you’ve probably all heard about – the WannaCry and Petya ransomware campaigns. They’ve disseminated the world. They’ve compromised around 400,000 machines, across about 150 different countries. In 2017, a company is hit with ransomware on average every 40 seconds, with the global cost from ransomware this year expected to exceed around the $5 billion mark.

We also know that 53% of all email globally is now spam or spear phishing related, and there are those other big hacks that we hear about in the news, like Bupa, River City Media, Zomato, Dailymotion … there are all these different hacks that happen and, of course, various Australian hospitals and government departments as well.

Because of the massive increase in the cyber landscape and all these new attacks coming out every single day, it’s now no longer a question of if you’ll be hacked – it’s now a question of when it’s going to happen.