Op-Ed: The evolution, emerging threat, and hidden cost of cyber security

In spite of their best efforts, there was still a staggering 114 per cent increase in COVID-19-related cyber attacks in the fourth quarter of 2020 alone, according to McAfee’s quarterly threat research. In Australia, there have been more than 19,000 COVID-19 related malicious file detections since May 2020.

Preventing cyber crime before it impacts an organisation’s bottom line is essential – a reactive approach is always going to be the costlier and more disruptive method. Indeed, McAfee research found more than 90 per cent of companies surveyed said that hidden costs related to combatting cyber crime extended far beyond financial losses, such as significant interference with team productivity.

It is clear security teams and chief information security officers (CISOs) still have a challenge on their hands, particularly as working from home continues. As a result, the constant need to evolve technology stacks remains to help organisations with this new world order. Within this evolution of how and where we work, cyber security must remain a focus.

Addressing threats of the future

As more organisations adopt hybrid ways of working, it is clear several emerging threats are showing up in reports repeatedly. In Q4, McAfee Labs observed an average of 648 threats per minute, an increase of 60 threats per minute (10 per cent) over Q3, and there were also 3.1 million external attacks on cloud user accounts.

While the volume of attacks is undoubtedly on the rise, they’re expected to become more sophisticated as cyber criminals seek new ways to exploit and infiltrate organisations. The increased use of connected devices, apps and web services in our homes, brought on by COVID-19, will expose many to digital home break-in which not only impacts the consumer and their families, but enterprises as well.

This year we may also see threat actors using social networks to target high stake individuals working within sensitive industry sectors. Finally, as we observed revelations around the SUNBURST campaigns exploiting the SolarWinds Orion platform late last year, a new attack vector of exploiting the supply chain may continue to be a threat in 2021 and beyond.

The hidden cost of cyber crime

VIEW ALL

A recent McAfee report revealed global losses from cyber crime costs the world economy more than $1 trillion, or just more than 1 per cent of global GDP, which is up more than 50 per cent from a 2018 study. While the damage that comes with theft of intellectual property and monetary assets from cyber incidents is dire, some of the most overlooked costs of cyber crime come from the damage to company performance.

System downtime is a common cost to pay in the face of a cyber incident, along with reduced efficiency as a result. The average cost to organisations from their longest amount of downtime in 2019 was $762,231, and the average interruption to operations was 18 hours. Unbeknownst to many, incidence response costs can arise from the help of costly consultants to mitigate not only the attack, but damage to the brand. The cost of rehabilitating the external image and reputation of the brand is high, but crucial.

With today’s Privacy Act 1988 in full force for organisations to notify individuals in the event of a data breach, the Australian media are quick to get wind of the news — exposing these companies in public forums. This only adds to the reputational damage that can occur to a business of any size or sector.

It’s clear that a preemptive approach to security it’s vital, if not essential in overcoming the significant costs of cyber crime today.

Staying ahead of the threat trend curve

As organisations continue to develop multi and hybrid cloud strategies to fit with new working styles post-pandemic, CISOs and their security teams need to understand there is no ‘one size fits all’ solution. Every organisation has unique capabilities, and thus gaps that need filling. They need to take the time to develop a strategy for their current business needs.

Here are five effective methods to consider when developing your business’s cloud and security strategy in 2021:

1. Provide cyber security awareness training for employees: Each employee represents a potential entry point for cyber criminals, and with remote working continuing to become the norm, cyber education must become a priority.
2. Reassess your prevention and response plans: This is to ensure it works around a disparate or remote response team. Look beyond incorporating telemetry and detection to include prevention tools which will work effectively against known attacks, like ransomware, and covert attacks.
3. Protect and prioritise the cloud: Consider cloud security as a nimble architecture where the tools and environment can shift to accommodate. Tapping into a shared responsibility cloud model and deploying a unified cloud security platform will support this posture.
4. Consider consolidation: A recent Gartner survey found that 80 per cent of IT organisations plan to consolidate cyber security vendors over the next three years, with 78 per cent of CISOs stating they have 16 or more tools in their cyber security vendor portfolio. As CISO’s inch closer to leveraging a secure-access service edge (SASE) model, and reassess how to protect their people in a new environment, now’s the optimal time for consolidating your security tools and services.
5. Be wary of emerging threats: Knowing the cyber risks of tomorrow is key to staying ahead of the threat trend curve, and tailoring a strong cyber security strategy for your business. Consent based attacks could become more prevalent, as remote working becomes the norm.

Cyber security has never, and will never remain stagnant, so it is crucial CISOs and their security teams are keeping abreast of the latest threats and the damaging effects of cyber crime to develop a holistic, security strategy for their business.

Sahba Idelkhani is the director of systems engineering at McAfee ANZ