Within a rapidly globalising and integrated community, the evolution and rationalisation of technology have presented the real and present danger of cyber-attacks, creating a threat environment for all businesses. With malware becoming more sophisticated and capable of outsmarting traditional anti-virus technologies, businesses must prioritise cybersecurity and form an enterprise culture of digital awareness, fortification and resilience.
Until recently, security strategies have been mainly reactive, meaning that threats have only been detected and dealt with once organisations have experienced negative consequences. The emergence of Advanced Persistent Threats (APTs) and intrusion vectors means that the cost of waiting for a breach to occur is simply too high. APTs lurk undetected for long periods, generally on the systems of specific targets, before stealing or corrupting large quantities of data. On average, it will take the business five months to identify an intrusion and a further two months to contain it. [1] Common intrusion vectors, such as emails sent with malicious links and attachments and fake or manipulated websites that download viruses, manipulate people, overtly or otherwise, into performing actions or divulging confidential information.
It is often easy to overlook the complex realities of a cyber-attack on an organisation, which carries both tangible and intangible costs. Clearly a cyber breach will prompt an organisation into undertaking regulatory compliance, technical investigations and data breach compensation, yet there is a less visible, often costly aspect to a failure to ensure cyber security. Data breaches, malware, “Trojans” and even “ransomware” invariably damage the trading name and weaken the value of an organisation’s customer relations. An attack will also result in increased insurance premiums and loss of intellectual property, and will impair business operations. The extent of cyber damage is measured by the cyber resilience of the organisation and the cost of returning to business as usual (BAU). On average, cyber-attacks within Australia cost an organisation $2.55M. [2] In 2017, tried and true methods of prevention, such as patching by software companies, are inadequate when dealing with zero-day attacks, where the malware targets the software vulnerability before the software vendor is even aware of it.
Deception technology may provide some hope for addressing APTs, intrusion vectors, zero-day events and other new sophisticated threats, as it is more proactive than traditional anti-virus software. Deception technology automatically deploys a network of camouflaged malware traps that are intermingled with and appear identical to real data, thereby deceiving the cyber-attackers. The fake data or assets are known to all legitimate users, so when they are accessed it is clear that an attacker is present in the network. The real-time automation then isolates the malware and delivers a comprehensive assessment directly to the security operations team. This technology will shift the cost of cyber-attacks, making them less rewarding for hackers and effectively changing the rules of the game entirely.
While deception technology is still in the early stages of development, the research company Gartner has already predicted that 10% of enterprises will use this technology by 2018, with many actively participating in deception operations against attackers. [3]
Nevertheless, cyber resilience must evolve to form an undeniably necessary aspect of all business. This will require the business community to shift its mindset on cyber safety and alter its perceptions of organisational priorities. Australian business must strive to splice expertise in commerce and IT to ensure a comprehensive understanding of, and as such response to, attacks. It is this vigilance for cyber threats that will determine the success and failure of business throughout the 21st Century.
If you need help with identifying issues for your organisation relating to cyber-attacks and data breaches, or in formulating and rolling out policies and procedures to protect against cyber-attacks and data breaches, our experts can help you. Contact us to get advice from our experienced privacy and cyber security lawyers.