Monday, February 18, 2013
Despite a significant decline last December, last year as a whole saw a near 60% increase in cybercrime attacks on businesses, with global losses estimated at $1.5bn (€1.12bn).
Most of these attacks were via phishing scams — criminals and hackers acquiring sensitive online information by masquerading as trustworthy entities. Companies in the US, Britain, Germany, India, and Brazil accounted for over 50% of attacks. But it is truly a global problem and Ireland is not immune.
A survey conducted last year by Deloitte, in conjunction with global information management giant EMC, found that one-third of Irish companies had, in the preceding year, experienced cybercrime breaches. The average cost per attack amounted to around €40,000. These costs are generally rising all the time.
This week sees leading international technology security firm RSA (part of the EMC group) host its annual conference in San Francisco.
Speakers at the conference include internet ‘evangelist’ and Google vice-president Vint Cerf, Wikipedia founder Jimmy Wales, renowned games designer and author Jane McGonigal, former US secretary of state Condoleezza Rice, and Oakland A’s general manager — and subject of the film Moneyball — Billy Beane.
RSA’s executive chairman Art Coviello will speak about how an intelligence-driven security strategy, using ‘big data’ analytics, can enable security practitioners to regain the advantage of time, allowing them to detect attacks, respond more quickly, and reduce attacker "dwell time".
Mr Coviello has previously stated that some of the most basic mistakes made when trying to curb cyber attacks involve a lack of education among companies and an "inertia around security budgets".
"For a long time now organisations have spent 70%-80% of their budgets on prevention, 15%-20% on monitoring and detection, and 5%-10% on response," he said.
"The problem with the current allocation of budgets is that the vast majority of the spend is still preventative and perimeter-based; static and inflexible.
"Even the monitoring spend is probably heavily weighted to intrusion prevention systems, again perimeter-orientated. In an age of openness, where successful breaches are to be expected — if not inevitable — the balance must shift.
"Without rebalancing this spend, it will become increasingly difficult — if it isn’t already — for you to have the ability to timely detect a breach and have the capability to respond fast enough to avoid loss," Mr Coviello said at RSA’s last European conference, held towards the end of last year.
On the question of whether media reports of a rise in the numbers of cyber attacks are just over-sensationalising the problem, he said it’s not over-hyped.
"The press, unfortunately, doesn’t see what we, law enforcement, and defence organisations see," he said.
"Nobody wants their breach or loss exposed. So, like an iceberg, the true depth of the problem remains hidden. The result is a serious gap between the perception and the reality of the problem."
Daniel Cohen heads business development at RSA’s online threats managed services department in Tel Aviv, which successfully shut down 250,000 phishing attacks last year and has nullified 750,000 on an international basis to date.
He is also of the mind that companies need to be better educated and more mature when it comes to control, compliance, IT risk, and business risk factors.
Mr Cohen said they also need to better evaluate the risk and know what exactly to protect and how it might be attacked. They also need to have a better idea of the well-organised crime syndicates behind the attack.
As he said: "It’s an army that’s attacking your site, not little fraudsters."