Share this article on:
It’s been a year since Australians were forced to adapt to a work from home model to ensure business continuity. As we sought to manage businesses on hybrid platforms with multiple devices, IT professionals scrambled to ensure cyber security threats were minimised.
In spite of their best efforts, there was still a staggering 114 per cent increase in COVID-19-related cyber attacks in the fourth quarter of 2020 alone, according to McAfee’s quarterly threat research. In Australia, there have been more than 19,000 COVID-19 related malicious file detections since May 2020.
Preventing cyber crime before it impacts an organisation’s bottom line is essential – a reactive approach is always going to be the costlier and more disruptive method. Indeed, McAfee research found more than 90 per cent of companies surveyed said that hidden costs related to combatting cyber crime extended far beyond financial losses, such as significant interference with team productivity.
It is clear security teams and chief information security officers (CISOs) still have a challenge on their hands, particularly as working from home continues. As a result, the constant need to evolve technology stacks remains to help organisations with this new world order. Within this evolution of how and where we work, cyber security must remain a focus.
Addressing threats of the future
As more organisations adopt hybrid ways of working, it is clear several emerging threats are showing up in reports repeatedly. In Q4, McAfee Labs observed an average of 648 threats per minute, an increase of 60 threats per minute (10 per cent) over Q3, and there were also 3.1 million external attacks on cloud user accounts.
While the volume of attacks is undoubtedly on the rise, they’re expected to become more sophisticated as cyber criminals seek new ways to exploit and infiltrate organisations. The increased use of connected devices, apps and web services in our homes, brought on by COVID-19, will expose many to digital home break-in which not only impacts the consumer and their families, but enterprises as well.
This year we may also see threat actors using social networks to target high stake individuals working within sensitive industry sectors. Finally, as we observed revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform late last year, a new attack vector of exploiting the supply chain may continue to be a threat in 2021 and beyond.
The hidden cost of cyber crime
A recent McAfee report revealed global losses from cyber crime costs the world economy more than $1 trillion, or just more than 1 per cent of global GDP, which is up more than 50 per cent from a 2018 study. While the damage that comes with theft of intellectual property and monetary assets from cyber incidents is dire, some of the most overlooked costs of cyber crime come from the damage to company performance.
System downtime is a common cost to pay in the face of a cyber incident, along with reduced efficiency as a result. The average cost to organisations from their longest amount of downtime in 2019 was $762,231, and the average interruption to operations was 18 hours. Unbeknownst to many, incidence response costs can arise from the help of costly consultants to mitigate not only the attack, but damage to the brand. The cost of rehabilitating the external image and reputation of the brand is high, but crucial.
With today’s Privacy Act 1988 in full force for organisations to notify individuals in the event of a data breach, the Australian media are quick to get wind of the news — exposing these companies in public forums. This only adds to the reputational damage that can occur to a business of any size or sector.
It’s clear that a preemptive approach to security it’s vital, if not essential in overcoming the significant costs of cyber crime today.
Staying ahead of the threat trend curve
As organisations continue to develop multi and hybrid cloud strategies to fit with new working styles post-pandemic, CISOs and their security teams need to understand there is no ‘one size fits all’ solution. Every organisation has unique capabilities, and thus gaps that need filling. They need to take the time to develop a strategy for their current business needs.
Here are five effective methods to consider when developing your business’s cloud and security strategy in 2021:
Cyber security has never, and will never remain stagnant, so it is crucial CISOs and their security teams are keeping abreast of the latest threats and the damaging effects of cyber crime to develop a holistic, security strategy for their business.
Sahba Idelkhani is the director of systems engineering at McAfee ANZ