In recent weeks, supermarket chain SuperValu and insurance firm Axa experienced a cyber attack that led to 70,000 customers’ unencrypted credit card details — including CVV numbers — being stolen.
Loyaltybuild, the company responsible for both companies’ reward schemes and the source of the breach, said they had experienced a “sophisticated criminal attack”. If anything good can come of this incident, let it be a loud alarm bell for businesses — IT security is no longer an issue to be brushed under the rug.
The ubiquity of the internet and mobile devices has brought people from around the world closer than ever before. A once vast, seemingly endless globe has been reduced to a smartphone screen, where a message typed casually over a coffee is read on continents thousands of miles away before the sugar cubes have even dissolved.
This interconnectivity is a triumph and a marvel. But, to an unscrupulous hacker, the syncing together of mobile and desktop devices, of social media and email accounts, presents a well-labelled roadmap to your valuable data and information, personal and business alike.
A study by RSA, EMC’s security division, and the US-based Ponemon Institute in Michigan revealed that businesses in Britain and the US remain markedly blasé about security, despite the high profile of cybercrime.
On Cyber Monday, one of online retail’s most profitable days of the year, 64% of companies reported a ‘significant increase’ in online attacks. Startling as that figure is, 70% do not take any additional precautions to safeguard their assets.
Similarly, Ireland has not escaped the wrath of cyber criminality. The Deloitte 2013 Irish Information Security and Cybercrime survey, in association with EMC, found that 40% of Irish companies have experienced at least one security breach in the past year with an average cost of €135,000.
In terms of the remediation and clean-up costs associated with security incidents and cybercrime, the survey showed that the average cost of a large security incident stood at €29,954.
As technology becomes increasingly sophisticated, hackers can employ more elaborate methods of fraud and disruption. These intrusions are almost impossible to prevent given the openness of today’s technology and the growing sophistication of hackers.
The traditional firewall and anti-virus suite will do little, if anything at all, against a deliberate attack; just as a picket fence will scarcely discourage a determined burglar.
This guile has pushed companies like RSA and EMC to employ intelligence-driven security strategies that will help businesses defend themselves from attack by having increased visibility of the threat and being able to stop the breach quickly.
An intelligence-driven approach proactively targets and hunts exploits before they can cause damage within a network. It involves using reliable cyber security data and researching prospective cyber criminals to better understand risk and learn about why and how attacks occur.
These security solutions are essentially bespoke, being both scalable and adaptable to all businesses, working in tandem with internal IT systems without disrupting them.
That is to say, proactive, as opposed to reactive, countermeasures. Passive barriers, like firewalls and anti-virus software, will only follow obvious trails to problems that have already impacted your business. These alone cannot assure safety.
Organisations need to shift more resources from attack prevention to rapid threat detection and remediation.
But the most fundamental weapon in the war against cybercrime goes beyond software. As this technological arms race ramps up, it is vital that every employee — not just the IT department — is aware of the basics of “security hygiene” so they can better contribute to the stability of the business. After all, it only takes one poorly protected mobile to open a backdoor into an entire ecosystem of vulnerable machines.
Simple missteps, like failing to update software when prompted, or mistaking company protocol (like changing passwords every month) for good security, create a culture of complacency that can be exploited by hackers. Protecting a business from online threats requires investment in employee training and a regularly updated, intelligent security solution that covers all aspects of a network.
As we move towards unprecedented interconnectivity across multiple mobile devices, it is essential that we equip ourselves with the necessary tools to defend our data from increasingly advanced threats.
Most security spending is still invested in “perimeter-based prevention” — focused tools that advanced cyber attacks have made largely obsolete. Cyber security’s most pressing goal, now and for the foreseeable future, should be to prevent business damage or loss, not to prevent intrusion and compromise.
An intelligence-driven security strategy allows businesses to manage risk, see vulnerabilities and detect and investigate threats both external and internal, whether malicious or the result of human error. Such an approach ensures Irish businesses can protect their digital assets, like intellectual property and business information, from cyber attacks, and can reduce the time and significant costs associated with today’s most sophisticated threats.
* Jason Ward is EMC Director for Ireland, Scotland and UK North. RSA is the security division of EMC.
© Irish Examiner Ltd. All rights reserved