Most New Zealand organisations have a pretty good sense of the potential fallout from security breaches.
However, the truth is that data breaches are growing in number, and the financial cost is growing too.
The average cost of a data breach has nearly doubled in the past five years, from US$6.46 million in 2010 to US$12.9 million today.
“The costs aren’t just monetary,” says Stuart Mills, Regional Director A/NZ, CenturyLink.
“Organisations must understand the other risks including damage to reputation and leaked intellectual property.
“Customers and users place an enormous amount of trust in the companies with whom they do business. A single breach can damage that trust forever.
“And, if intellectual property is leaked it could sound the death knell for any organisation.”
Mills believes that today, security isn’t just about basic monitoring services.
“Companies have far more to consider than they once did, particularly because of the rise of new technologies and business-use scenarios, like cloud and BYOD,” he adds.
“Instead, security is a holistic approach to protection, prevention, and response, and it needs to encompass all aspects of technology.”
For Mills, organisations should consider the following when implementing, updating, and enforcing their security policy:
1. External threats:
The sheer number of external threats is growing, and there’s absolutely nothing we can do about it, other than maintaining constant vigilance through a security policy that is constantly updated and enforced.
The speed at which threats are increasing is exponential. For instance, there are millions of malware variations that enterprises must defend against, but it’s difficult for signature-based malware detection to keep up.
There are more distributed denial-of-service (DDoS) attacks than ever before, and they vary widely; they can be highly targeted or generic, long in duration or short.
And they mutate; there’s a new breed of DDoS attacks that use Web servers as payload-carrying bots, which makes them even more damaging because of exponential performance increases.
And then there are application attacks, often targeted at financial systems, which can bring a company to its knees.
What’s even more problematic is that most organisations have already been breached - they just don’t know about it.
2. Internal threats:
Employees often leak data because security policies are not enforced. External threats are real and dangerous.
But internal threats can be just as common and just as damaging. Internal threats are often inadvertent, stemming from a lack of oversight as well as from disgruntled employees who leak sensitive data right after they’re fired.