Search
Close this search box.

Why Australian Businesses Require Cyber Security? Here are Some Eye Opening Statistics

Share:

In just the last 5 years, business leaders have changed the tone of their cyber security conversations. It is no longer a discussion about layers of defence or the beefiness of the firewall, instead Directors now understand it’s no longer a matter of ‘if’ but instead a matter of ‘when’ you will be breached. And the smart companies have already started to shift their resources from preventative techniques to detective ones.

The fact that historical approaches to cybersecurity are no longer good enough is an indication that cyber attackers have become more intelligent, patient and the nature of the attacks are more sophisticated. In today’s digital world, this is something business leaders have come to accept.

The permitter of your network can no longer be defined and effectively controlled, instead attackers have learned to be patient and exploit lower risk vulnerabilities that are usually ignored by internal IT teams, allowing exploits to go unnoticed.

This demonstrates all the more reason Australian businesses need to take cyber security more seriously. The first step will be to focus on predicating where the next risks will be for their business and working pre-emptively to come up with solutions.

There is no better way to demonstrate the urgency of developing formal cyber security plans for your business than looking at some of the big players and the cost of their data breaches:

Case Study 1 – Target

The brand we know and love, Target was subjected to a malware based attack through a compromised point of sale system that allowed hackers to steal credit card information of customers for 3 years without detection. Target’s share prices dropped 13.7% the month of announcing the data breach, and said the cost of the breach aftermath was close to $163 million.[1]

Case Study 2 – Sony Pictures

This time hackers used more complex exploits. They utilised highly sophisticated phishing, calling employees pretending to be from internal IT teams, and ended up creating fake digital authentication certificates to bypass security systems. The breach allowed the hackers to expose the entire Sony employee email servers to the public. Sony admitted the cost of the IT repairs after the breach totalled $35 million, with the total cost of the breach coming close to $1 billion.[2]

Case Study 3 – US Office of Personnel Management

Government departments are especially vulnerable which is why the Coalition has recently introduced an Australian Government Cyber Security Strategy.[3] In the United States, however, the Office of Personnel Management had 22 million government employee records stolen by a contractor who was tasked with performing background checks. The information stolen included employee driver’s licences and passport information.

Case Study 4 – Yahoo

One of the largest breaches of customer information ever recorded, Yahoo reported in late 2016 that a breach occurred three years earlier in 2013 of over 1 billion user accounts that were compromised by hackers. The cyber criminals took and published the user records which included full names, emails, data of births, secret questions and answers and passwords. Verizon Communications reduced its original take-over bid of Yahoo by $925 million as a result of this breach,[4] with the real implicated cost of the breach not disclosed, the catastrophic effect of the breach has certainly been felt in the reputational damage Yahoo has faced in the media.[5]

So how can my company be compromised?

This is question most want answered. How can I be breached? With the premise of the question being ‘what can I do to prevent this particular breach?’ – the reality is, for close to 60% of cases, attackers will be able to compromise an unprepared organisation within minutes. [6]

Between 70-90% of malware samples were uniquely created to an organisation. This means attackers will likely evaluate your specific business, looking closely at the applications you are running to develop a unique exploit.

The prevalence of phishing is also a very high risk. Two thirds of incidents where a business was compromised included a pattern of phishing. In a recent study by the Ponemon Institute, 23% of business employees open phishing messages and 11% click on attachments within the first hour of receiving them.

What will a cyber breach cost?

Perhaps you’re not in the middle of a take-over bid, but the cost of cyber breaches will still be great. IBM interviewed 1500 organisations and found that the data breach cost per record, that is, think how many paying customers you have ever had in your company records, would amount to between $200-400 per customer.[7] And the costs are growing. You need to consider not only the IT repair and hardening costs, but the reputational damage that will inevitably occur when you are forced to publically disclose your company was breached by the Privacy Commissioner (and the cost of fines if you don’t).[8]

Where should I focus if I want to protect my business?

Start by assessing the cyber risks that apply to your business. Look at your cyber maturity and your business objectives:

  • What digital solutions are changing in line with where the business is heading?
  • Consider how you will mitigate those risks, what is your “plan b” and “failsafe” for each critical system?
  • What type of cyber awareness training might be appropriate for your employees and how regularly they should refresh their knowledge?
  • Ensure you have senior management support for good cyber practices and that is reflected through the company culture.
  • Ensure you have three lines of defence for critical systems, the first being the right configurations, second being effective and regular monitoring of those controls and configurations, and finally having an independent expert regularly audit and assess those controls to determine any weaknesses.

Cyber threats will continue to rapidly evolve in the years to come. In 2017, it is now more critical than ever to ensure you remain a step ahead of cyber criminals and your competitors to give your company the edge to grow and succeed securely.

[1] https://techcrunch.com/2015/02/25/target-says-credit-card-data-breach-cost-it-162m-in-2013-14/

[2] http://www.csoonline.com/article/2879444/data-breach/hack-to-cost-sony-35-million-in-it-repairs.html

[3] https://cybersecuritystrategy.dpmc.gov.au/assets/img/PMC-Cyber-Strategy.pdf

[4] http://www.cnbc.com/2017/03/14/verizon-sought-925-million-discount-for-yahoo-merger-got-350-million.html

[5] http://fortune.com/2017/01/09/yahoo-marissa-mayer-board-verizon-acquisition/

[6] Cost of Data Breach Study: United States, Ponemon Institute LLC, May 2016.

[7] https://www-03.ibm.com/security/infographics/data-breach/

[8] https://www.oaic.gov.au/media-and-speeches/statements/mandatory-data-breach-notification

Picture of Ahmed Khanji

Ahmed Khanji

Ahmed Khanji is the CEO of Gridware, a leading cybersecurity consultancy based in Sydney, Australia. An emerging thought leader in cybersecurity, Ahmed is an Adjunct Professor at Western Sydney University and regularly contributes to cybersecurity conversations in Australia. As well as his extensive background as a security advisor to large Australian Enterprises, he is a regular keynote speaker and guest lecturer on offensive cybersecurity topics and blockchain.

Contact

Sydney Offices
Level 12, Suite 6
189 Kent Street
Sydney NSW 2000
1300 211 235

Melbourne Offices
Level 13, 114 William Street
Melbourne, VIC 3000
1300 211 235

Perth Offices
Level 32, 152 St Georges Terrace
Perth WA 6000
1300 211 235

Company

Learn more about the team at the forefront of the Australian Cyber Security scene.

About Us →

Meet the Team →

Partnerships →

Learn more about the team at the forefront of the Australian Cyber Security scene.

Career Opportunities →

Internships →

Media appearances and contributions by Gridware and our staff.

See More →

Services

Services

Whether you need us to take care of security for you, respond to incidents, or provide consulting advice, we help you stay protected.

View all services →

Web App Pen. Test Calculator →

Network Pen. Test Calculator →

Governance & Audit

Legal and regulatory protection

Penetration Testing

Uncover system vulnerabilities

Remote Working & Phishing

Fortify your defenses

Cyber Security Strategy

Adaptation to evolving threats

Cloud & Infrastructure

Secure cloud computing solutions

Gridware 360

End-to-end security suite

Gridware Managed Services

Comprehensive & proactive security

Gridware CloudControl
360

Harness the benefits of cloud technology

Gridware Incident Response 24/7

Swift, expert-led incident resolution

Solutions
Resources

Resources

A collection of our published insights, whitepapers, customer success stories and more.

Customer success stories from real Gridware customers. Find out how we have helped others stay on top of their Cyber Security.

Read More →