Put cyber-security risk on the agenda before it becomes the agenda
Scott Bartlett says it's time for Kiwi companies to get cyber-security on the agenda, before a breach puts it there by default.
It’s not difficult to find facts and figures that show just how risky it is doing business in the digital age.
It’s also not difficult to find examples of companies that have failed to take action on cyber-security threats, and have not put in place appropriate safeguards to protect their systems and information – and in many cases, the information of their customers.
It is for these reasons that the issue of cyber-security is rapidly becoming a boardroom issue. It’s time for Kiwi companies to get cyber-security on the agenda, before a breach puts it there by default.
The automation of attacks, the global nature of hacking and the ability of hackers to make cold hard cash out of their activities combine to make every business a target.
The fact of New Zealand’s geographic isolation, which has always been a factor for local business, is no protection from cybercrime. With more being done online than ever before, the possibility of falling victim to the multiplicity of threats presented by the internet is only increasing.
It is therefore necessary for every company to prioritise information security and take reasonable measures to ensure safety.
The 2014 TrustWave report reviewed 574 breaches across 15 countries and not only showed the low level of security in place, but also the high level of motivation for hackers.
The report revealed that despite the hype around information security, companies today are still lackadaisical in their approach.
Ninety-eight percent of applications tested had ‘serious vulnerabilities’ and 28 per cent of breaches were due to weak passwords – it’s a figure that goes up to 94 percent in point-of-sales breaches.
The value of data itself, which is routinely on-sold by hackers on the ‘dark net’, is apparent, with 50 percent of breaches involving the theft of personal or cardholder information.
What also stands out is the returns hackers earn through their activities. Estimates are they make some 1,425 percent on their ‘investment’. That’s an exceptionally powerful motivator which keeps hackers busy and targeted on their selected companies or organisations.
The automation that makes manufacturing, farming and services businesses in New Zealand highly competitive is just as popular in the clandestine world of professional hackers.
The work of the hacker is made infinitely more efficient with automated attacks, with bots crawling the web looking for vulnerabilities which they can exploit – and those vulnerabilities can be anywhere on the internet.
However, putting appropriate security measures in place doesn’t require the employment of highly trained specialists. Instead, companies concerned about their security posture – and would like to know just how well prepared they are to withstand an attack – can do so by engaging with a specialist managed services provider.
With penetration testing, information security is physically and virtually tested, including through the use of social engineering techniques.
By knowing where the weak points are, companies can improve their security posture to get the confidence of doing business online knowing that reasonable precautions are in place to mitigate the risks.
Companies that plan ahead are making information security a priority before it has the opportunity to turn in to a disaster.
Scott Bartlett is CEO of specialist telecommunications and media business Kordia New Zealand, which recently entered the specialist security consulting industry with the purchase of Aura Information Security.
April 6, 2016