This will be a year in which companies of all sizes and industries experience a new level of alarm as they realise their vulnerability to data breaches, hacking and other cybercrimes, due to the proliferation of ever more sophisticated hackers. That’s the word from Doug Clare, Vice President of Product Management at predictive analytics company FICO.
“Hacking has become formalised and thus more competitive, which means that many companies will be forced to take a more clear-eyed assessment of their cyber security posture, and will need to take strong action to improve their cyber defences,” says Clare.
Understanding your network’s real strengths and weaknesses is vitally important, and several tools can be used to do so. One of them is FICO’s free, web-based Cyber Risk Score, which allows companies to track their individual scores against benchmarks.
“2018 has shown us that while South Africa is doing very well in terms of technology innovations for business that are of a global standard, there is still room for improvement when it comes to tight-sealing organisations against the concurrent dangers to their cyber security health. If used correctly, enterprise security scoring tools have the potential to change the South African cyber security landscape completely,” adds FICO South Africa’s Country Manager, Derick Cluley.
Another way companies can ensure good cyber security is to avoid placing too much emphasis on biometric systems.
While some tout such systems as the ‘silver bullet’ for cybersecurity, Clare reckons biometric security data may become the biggest security vulnerability of all.
Biometrics use a digital interpretation of a biological feature, which is then associated with an individual’s account credentials. Those digital files can be spoofed, stolen or simply rearranged to point to a digital identity other than that of the account holder.
“Biometrics are neither fool-proof nor fraud-proof. A hacker can replace the digital interpretation of another individual’s retina with their own, and if they do a sufficient job covering their tracks, they can breach a system. The honeymoon of confidence in biometrics is undeserved, and it won’t last,” adds Clare.
Minimising human error is an aspect that companies need to look at closely. Examples of errors include incorrect delivery, misconfiguration, and disposal errors. Companies need to focus at least as much on training, awareness, policy, and policy adherence as they do on technology and infrastructure.
“Cyber security is really a people problem. We make mistakes, we fail to follow policies, we overcommit resources, understaff projects, and we sometimes put people into jobs they are not ready for,” explains Clare.
In a global study, sponsored by IBM Security and conducted by the Ponemon Institute, the 2018 average cost of a data breach is estimated at $3.86m (over R52m), a 6.4 percent increase from the 2017 figures.
This study was based on in-depth interviews with nearly 500 companies that experienced a data breach. The study analyses hundreds of cost factors surrounding a breach – including the technical investigations and recovery, notifications, legal and regulatory activities and the cost of lost business and reputation.
The study also calculated the costs associated with ‘mega breaches’ ranging from one million to 50 million records lost, projecting that these breaches cost companies between $40m (over R500m) and $350m (over R4 billion) respectively.