By Oliver Martínez, Director of Security and eHealth services at Telefónica
The continued rise of cybercrime means that every consumer and business is now under an almost constant threat of attack.
As a result, the costs of defending against cybercrime for businesses have risen 78% per year for the past four years, with the average price of cleaning up after a successful attack now estimated at over $1m (Ponemon Institute).
However despite security being seldom out of the headlines, from the National Security Agency’s global Prism scandal to household consumer brands having their customers’ personal data stolen, many businesses are still unprepared. The UK Government’s Department for Business, Innovation and Skills (BIS) found that 86% of the top FTSE 350 firms were not regularly considering cyber-security threats. This can have devastating effects to both a company’s reputation and its bottom line.
A report from the Washington-based Center for Strategic and International Studies (CSIS) estimates the cost of cybercrime today to be a sizeable $400bn a year.
What’s worse, the National Cyber Security Alliance in the US revealed that 60% of small companies go out of business altogether within six months of an attack.
These are alarming figures and yet, most companies are dangerously unprepared to protect themselves from the latest threats in the digital world, often adopting outdated or piecemeal solutions when a dynamic approach – going beyond the IT department – is called for. Jose Palazon, lead engineer at ElevenPaths, creators of new digital lock app Latch, points out that hackers are most likely to launch an attack at the least expected point of entry, and he finds most firms invest budgets heavily on protecting merely one or two areas (see video here and below).
[youtube]http://www.youtube.com/watch?v=tFB0M8YuckI[/youtube]
A big challenge faced by businesses is the blurring of the line between our personal and professional lives – an issue most prevalent with the increase of smartphone ownership and subsequent BYOD policies. This creates not only a single ICT ecosystem for cybercriminals, but critically offers them a unified attack point for both types of data. Consumers don’t want to have to carry two devices with them and companies don’t want corporate data being held in an unsecure environment.
This concern is put into sharp relief by a recent UK government survey that found over half of consumers surveyed didn’t even bother installing security software on their mobile devices. It is not surprising then that 90% of all cyber-attacks begin with a human weakness. Advising employees on data protection and prevention measures is no longer enough.
“The real issue is still going to be people. You could get the best product in the world, someone in the company sticks a default, generic password on it – and anyone could still get in just like that,” points out ISSA-UK President and 2-sec CEO Tim Holman.
Whilst human involvement will always be necessary to a degree, many experts appear to agree that the best ways to limit the risk of a cyber-attack are the systemisation of functions, stringent data encryption, deploying security across departments and constantly updating this software to keep up with ever-evolving threats. Tim also warns businesses to be vigilant for so-called legitimate businesses being set up by hackers, where they carry out attacks on other companies.
This is why Telefónica is geared towards rolling out products and services that protect businesses and consumers’ digital data. The above-mentioned Latch allows consumers to remotely switch their digital services on and off, and we’re already seeing banks, universities and social networks start to integrate this.
We’ve also partnered with the likes of Samsung to bring Knox, a sophisticated end-to-end secure mobile platform solution, to our customers.
With this tool, consumers will be able to separate their work and personal lives on their devices, and businesses will feel more peace of mind knowing the business data on employees’ phones is encrypted and sitting behind rigorous password protection.
We will never completely counter or eradicate cybercrime but by adopting a new way of thinking about our personal and corporate defence, we can take steps to limit its destructive power.
Four top global experts assert the same in a special video we shot recently (see above) – I’d urge you to take a look.
