With the average organisational cost of a data breach sitting at $2.64 million, walking the tightrope between digital transformation and digital security has never been a more serious balancing act, writes Michael Cunningham.
Our world is experiencing a revolution, brought about by the digitisation of everything.
We’ve digitised businesses, governments and industries, and along the way we’ve changed many business models, operational processes and customer experiences. The impact has been no less than life-changing.
The transformation to all things digital is astounding, liberating and exciting. I haven’t printed an airline boarding pass in who knows how long, I rent my music, I never go to my bank branch, and I rarely use a taxi.
But digital transformation also has a dark side.
Working in the security space, my natural persona is Mr Cautious. I know just how easy it is for my data to be stolen or my bank account emptied.
While I have had the opportunity to witness some very smart people creating amazing things with technology, I know that many don’t think of the security implications of what they are creating.
Tech companies and departments, by design, code new sites and apps quickly in scrums and sprints. But sometimes I feel performance and time-to-market takes precedence over security.
Often I see or hear about the “tick the box” approach to security. These are the people who just want to be able to report to their board that they have a good security footing, and procured it for a good price.
As a business leader, this is alarming to me. Failures online can have disastrous consequences on a company, damaging customer trust, brand reputation and the bottom line.
IBM and Ponemon Institute estimate that data breaches cost Australian companies an average of $142 per compromised record – of which $80 pertains to indirect costs, including abnormal turnover or churn of customers, while the remaining $62 are direct costs incurred to resolve the data breach.
The average organisational cost of a data breach is $2.64 million.
Organisations need to adopt an in-depth defence posture.
Nearly every business operating online has been targeted by some form of cyber attack in the last year. Every day, organisations are at risk of having their online systems defaced, taken down or compromised, or valuable data stolen.
This threat is increasing everyday, with our data showing that DDoS attacks greater than 100 gigabits per second (Gbps) have increased 140 per cent between 2015 and 2016 alone, peaking at over 600Gbps. SQLi web application attacks also increased by 44 per cent in the same time.
The explosion of connected devices – also known as the Internet of Things (IoT) – has only exacerbated this. These devices, such as routers, security cameras and DVRs, generally have weak security systems and can be easily compromised.
Hackers increasingly tap into them to amplify their attacks, which is why we are currently observing the most powerful DDoS attacks we have ever seen.
Gartner predicts there will be 8.4 billion connected things worldwide by the end of 2017, and that will soar to 20.4 billion by 2020. That’s 20.4 billion systems at an attacker’s disposal.
As hackers continue to evolve their strategies, so do businesses. A “tick the box” approach is not adequate.
But keeping pace with digital transformation while protecting against the rising tide and complexity of security attacks is not impossible. At the core of it is people.
To stay competitive, you need highly skilled people who know the threat landscape and can respond quickly.
Digital transformation will only ever be as good as the security that comes with it. It’s a tightrope drawn between two opposite poles: the need to transform the customer experience or improve, extend or build new business models on one side, and the most up-to-date security technology and skills on the other.
If you fail to walk across this tightrope, it can be a long way down.
Michael Cunningham is the regional sales manager for content delivery network services provider Akamai ANZ.
Analysis: The misnomer of bank regulation and loan costs
By Adam Zuchetti
Analysis: Bank ‘misconduct’ a woeful understatement
By Adam Zuchetti
Analysis: Banks wrongly targeted as business custodians
By Adam Zuchetti