Cyber security by the numbers
More than half a million businesses were victims of a cyber attack last year. Scarier still, just one of your employees needs to be deceived for a hacker to gain access to the entirety of your business’ data. Join us as we look at the latest data on cyber attacks.
We’ll begin with a brief trip down memory lane, to the case of shopping giant Target being targeted by hackers. Unauthorised hackers gained access to the data of seventy-million Target customers, including credit card details. Target took a $890-million hit the day that the news went public, paid $20-million in fines and spent another $100-million on IT improvements to make sure something like that never happened again. All in all, Target took a near $1-billion hit to its bottom line in the aftermath of a cyber attack, and we simply can’t stand the thought of that happening to your business.
In light of this, we’re going to take you through some of the numbers of cyber crime, and address some of the things you can do to make sure your business is positioning itself better in the fight against hackers, rather than painting a bullseye for them.
The industries most commonly attacked and targeted by cyber crime remain the service, retail, financial, wholesale and communication industries; a fairly wide scope. According to a recent study, large institutions are often targeted most, in spite of the fact they have more resources to combat cyber attacks. The study also found that firms that had previously implemented a management committee to oversee security efforts were less likely to be targeted. Through analysing data breaches spanning 2005-2014, the study also says the average equity value lost in the days immediately after an attack stood at an eye-watering $600-million.
Firms - regardless of their size - saw an immediate drop in their sales and growth following an attack, the result of the loss of customer trust toward their brand.
In the context of small-to-medium-sized enterprises, cyber-security giant Norton published a study that shows a growth in the rate of cyber crime in the Australian context. “One-in-four Australian small businesses have fallen victim to cyber crime… up from one-in-five in 2016”. This is particularly ominous when you consider the fact that, according to Norton: “More than a third of business operators (37%) don’t think they would last one week without access to critical information… Australian small businesses backing up their data was at 26% in 2016, and while it increased to 32% in 2017, this is still too low, and can lead to unnecessary financial loss and downtime required to recover.”
That same Norton report tells a worrying tale of the state of cyber security in the Australian context. “In 2017, one in ten business operators had been affected by a ransomware attack, and 16% of those affected by the ransomware attack had paid the ransom.”
We’ll put their major findings below:
The amount of downtime for a server stands at around 25 hours in the aftermath of an attack. How would your company deal without access to a server for 25 hours?
The average cost to a medium-sized enterprise if hit by a cyber attack stands at $1.9-million.
516,380 small businesses were targeted by hacks in 2017.
The average ransom demanded by hackers in 2017 was $46,770.
The fine for non-compliance with recently-enacted data breach laws can be up to $1.8-million.
The poignant thing about all of this is that management and decision-makers in a business realise this too late in the process, and sadly these changes can’t be made retrospectively. As we know, hindsight is 20:20, but considering both the frequency and severity of cyber attacks in the current operating environment is the closest you’ll get to near-perfect vision in the realm of security.
Too often, we’re told that the guiding principles and requirements of ISO 27001 are exactly what could have saved that business from financial ruination. It’s an impossible task to get in front of the hackers; as Tim Cook explained in a recent interview with CNN’s Christiane Amanpour, “hackers used to be the guy in the basement, you know, doing some stuff. Now, hackers are sophisticated enterprises.” These ‘sophisticated enterprises’ are often specifically targeting businesses that are lacking modern, secure technical infrastructure as an easy target; a sitting duck.
Our goal, alongside the outcomes ISO 27001 has been designed to achieve, is one of the best methods you can employ in your business to ensure you don’t become one of those sitting ducks, so get in contact with us today to find out how working with Best Practice Certification can benefit the integrity of your systems as you move into a more efficient, profitable future.