If you watch a lot of TV news, you’ll be familiar with the sort of interview in which shell-shocked victims of recent muggings and burglaries look into the camera and say “It’s always the sort of thing you expect to happen to someone else.” At this point, it’s natural to shrug and say “but you are someone else” and turn to another channel. But when it comes to IT crime, these warnings should be heeded. 60% of Australians have now been a victim of cybercrime in their lifetime, and nearly 47% of these victims have been targeted in the past 12 months. This isn’t something that just affects other people, and if you don’t have reliable security measures in place then it’s time to start protecting yourself.
Small to medium businesses are most at risk
The Australian Crime Commission claims that cybercrime now costs the country more than a billion Australian dollars each year. And the figures are rising as cyber criminals become more sophisticated. What’s more, it is small and medium businesses that tend to be most at risk.
A study by the Ponemon institute has shown that the cost of cybercrime in Australia has escalated 33% since the first study three years ago, to $4.3 million. That doesn’t seem too much in the grand scheme of things, you might think, but this is merely the average annual cost of cybercrime across the study’s benchmark sample of just 30 organisations! There are hundreds of thousands of small and growing businesses in Australia who simply wouldn’t be able to cope with such losses. And it seems that energy, utilities and financial services organisations experience higher costs than the hospitality, consumer products and retail sectors.
The term cybercrime covers a pretty broad spectrum, so what sort of online attacks are we talking about here? Well according to the survey, most attacks on the IT systems of SMEs are the ones that we’ve been warned about for many years: malicious insiders, malware, viruses, worms, Trojans and botnets. But larger companies tend to fall victim to other attacks such as malicious code, phishing and social engineering. Larger companies tend to suffer higher costs as they can’t offer their services during the downtime it takes to fix problems. Plain bad luck plays its part, too, with many crimes happening due to stolen or lost devices – but there are still ways you can protect your company data against such events.
The real cost of cybercrime
The Ponemon study should be essential reading for any business owner who uses IT to run their company, which is pretty much all of us these days.
Here are just a few of the figures:
- The average cost of cybercrime incurred each year is $4.3 million (with a range of $409,959 to $15.8 million) – this means that there has been an increase of 8.4% over costs reported in 2013.
- Attacks are commonplace: the 30 companies in the Ponemon survey alone reported 47 successful attacks a week up from 41 in 2012.
- The time it takes to resolve issues is getting longer, too, up to 23 days on average. Attacks by insiders or staff can take up to 51 days to contain and solve.
Some of these attacks are taking place on an industrial scale, as well. Chinese hackers recently attacked Canada’s National Research Council and Westinghouse Electric Company, US Steel and the United Steelworkers Union. Meanwhile, in 2014, Russian hackers stole the largest collection of Internet credentials, amounting to 1.2 billion usernames and passwords, plus 500 million email addresses, from organisations including Fortune 500 companies and small websites. Even the small Australian companies in the Ponemon survey said all incidents were expensive to resolve and disruptive to their business operations.
Why do these attacks end up costing so much?
The most expensive costs are those that disrupt services and cause downtime, which accounts for half of each organisation’s annual cybercrime costs. Detection and recovery also costs money, accounting for 53% of internal costs, mostly paying experts to come in and fix problems.
The findings of the report are depressing, and should act as a warning to any business large or small that hasn’t addressed IT security concerns. Looking on the bright side, the survey also found that deploying security intelligence makes a real difference when it comes to fighting cybercrime, and saves you from losing money, clients and time.
Australian businesses that use security intelligence technologies are much more efficient at detecting cyber attacks and then containing them. A Security Information and Event Management (SIEM) solution should be deployed, providing real-time analysis of security alerts generated by network hardware and applications. This has been shown to result in cost savings of $1.9 million a year over companies that haven’t taken such measures. Organisations with Intrusion Prevention Systems (IPS) and Next Generation Firewalls managed a 21% ROI result.
Most companies have a disaster recovery plan in place for disasters such as flood, fire or power outages, and they need to do the same for IT security breaches, so they have strategies in place to minimise risks. Most online criminals want easy targets, so the harder you make it for them to access your systems, the more likely they are to get frustrated and move on.
What should my business do?
At the very least you need to be doing the following:
- Make sure your computers have all the latest patches and updates installed
- Choose strong passwords and don’t use the same one for several devices
- Make sure your computers are configured securely
- Protect your computers with security software
- Protect your personal information, especially on social media
- Review bank and credit card statements regularly to check for suspicious activity
- Don’t access your bank accounts using an unsecured Wi-Fi connection
- Log out of public Wi-Fi networks after use
If you want further advice on how to protect your systems from cyber attack and to stay safe online, contact the experts at Empower IT Solutions. We have decades of experience in IT security and keep up to date with all the latest challenges and threats.