Story image

Keeping up with cybercrime

01 Oct 11

Dealing with malicious attacks on IT systems has unfortunately become an unavoidable feature of today’s business environment and the importance an organisation places on combating cybercrime, more often than not, dictates how effectively it is able to respond to an attack.
The Ponemon Institute recently released research, sponsored by HP, which surveyed 41 organisations across a number of sectors on the impact of cybercrime. The results showed a 45% increase in successful attacks compared with the previous 12 months, with the annual cost to companies responding to those attacks ranging from US$1.5 million to US$36.5 million.
Even without such a survey, the recent spate of high profile attacks publicised by the media should serve as a clear warning to organisations that security must become a priority.
A snapshot from just June to July 2011 shows reports of successful attacks on such names as Sony, Citigroup, the IMF, Sega, Gannet Co, The Washington Post, Booz Allen Hamilton and NATO.
Cost saving opportunities
While the Ponemon Institute’s study found detecting and recovering from attacks were the most costly internal IT activities faced by organisations, there was something of a silver lining. The Institute also identified significant opportunities for cost-savings if organisations adopted automated detection and recovery systems through modern security technologies.
The use of Security Information and Event Management (SIEM) solutions proved an effective tool for reducing the time taken to identify and address attacks, resulting in big cost savings and improved security.
SIEM solutions log the records generated by any and every device connected to a company’s network and analyse them to detect security threats. Such solutions are becoming more advanced and are able detect many discrepancies, at which time they either signal the administrators or simply block the perceived threat from gaining access. For example, if an employee number appears on the system trying to log into the VPN from Beijing, while they are also showing up as present at the company HQ in London, red flags will go up.
This early detection has been proven to mitigate the impact of cyber attacks substantially, increasing security and reducing the (not unsubstantial) costs associated with cleaning up after a breach significantly, as breaches are picked much earlier.
There is an even greater onus on organisations to place more focus on the importance of security to provide assurance to stakeholders, partners and clients.
By acknowledging the growing risk of cyber attacks, an organisation can then take steps to further boost protection. Simple actions such as identifying where an IT system is vulnerable, or the most common methods used to breach systems, enable a company to prioritise spending in those areas requiring urgent attention, ensuring the maximum return on investment.
However, this is easier said than done as there remains a reluctance among companies to increase investment of time and money toward security issues.
Among those 41 companies who responded to the Ponemon Institute survey, 67% reported an increase of successful attacks, but just 35% said there had been an increase to their investment in combating security threats.
A further 43% said their budget was ‘inadequate’ for managing such threats, preventing investment in either technology or skilled staff.
Developments in technology have allowed more company data to be stored online than ever before and the explosion of mobile devices has lead to the creation of new ways to access this data. Organisations cannot afford to ignore the risk of cyber attacks and as the attackers grow in number and sophistication security systems must be bolstered accordingly.
Put simply, it is not a curve you want to be caught behind. 

Kiwis make waves in IoT World Cup
A New Zealand company, KotahiNet, has been named as a finalist in the IoT World Cup for its River Pollution Monitoring solution.
Can it be trusted? Huawei’s founder speaks out
Ren Zhengfei spoke candidly in a recent media roundtable about security, 5G, his daughter’s detainment, the USA, and the West’s perception of Huawei.
Oracle Java Card update boosts security for IoT devices
"Java Card 3.1 is very significant to the Internet of Things, bringing interoperability, security and flexibility to a fast-growing market currently lacking high-security and flexible edge security solutions."
How SMBs can use data to drive business outcomes
With the right technology, companies can capture consumer, sales, and expense data, and use it to evaluate and construct future plans.
Survey shows that IoT is RoI across Asia Pacific
A recent Frost & Sullivan survey across Australia, Hong Kong and Singapore shows that IoT deployment improves business metrics by around 12%.
Sophos hires ex-McAfee SVP Gavin Struther
After 16 years as the APAC senior vice president and president for McAfee, Struthers is now heading the APJ arm of Sophos.
Security platform provider Deep Instinct expands local presence
The company has made two A/NZ specific leadership hires and formed several partnerships with organisations in the region.
Half of companies unable to detect IoT device breaches
A Gemalto study also shows that the of blockchain technology to help secure IoT data, services and devices has doubled in a year.