This is part four of a ten-part series leading up to the inaugural Australian release of the Digital IQ report.
It happens like clockwork. Every month, it seems, a new enterprise is divulging the unfortunate truth – that its database has been hacked and customer information has spilled out onto the internet.
While this incident may have only affected larger companies in the mid 2000s, now online thieves are targeting all types of businesses for their customer data – which even the smallest company can contain.
And while retailers are some of the primary targets for precious credit card data, it isn’t just consumer-facing businesses which are being targeted. Various surveys show B2B enterprises are being hacked for their financial information. Smaller clients of large organisations are seen as easily breakable entry points to these larger databases, and are being targeted more ruthlessly.
Attacks have also grown in their sophistication. Phishing emails sent to companies are often disguised as coming from legitimate clients, or even from internal IT support teams – when users give over their login information, serious information leaks can occur.
In response, more enterprises are becoming savvy in the methods they use to address security threats, conducting audits and attempting to understand the risks associated with the information they possess.
But the exponential growth in business analytics, including the explosion of cloud services, means the role cyber security plays in high-level strategic thinking will continue to grow.
The growing sophistication of hacking
Most of the cyber attacks targeting popular consumer-focused institutions is focused on credit card data. This information can be sold at a price once obtained, (and fairly easily, due to the ongoing weakness of most users’ passwords).
For retail-focused enterprises this remains a challenge and will always be a problem – security managers in these operations should remain vigilant and abreast of any improvements in technique or security features. Consumers will not tolerate service providers whom they deem to be unsafe.
Also to be considered is the possibility of protest attacks – groups attacking businesses not for financial gain, but to protest strategic choices made by the business.
But another real danger now lies in attacks targeting these B2B enterprises, and in ways they may not expect.
While many internal security systems can detect obvious threats, more are subtle and hard to find. Hacking attempts often disguise themselves as coming from internal departments – and can even infiltrate networks through an infected USB stick.
As the value of business analytics continues to grow, so will the number of attacks. Currently the value of a cyber attack targeting Australian business is worth $US200 per victim. This number can only be expected to grow as more currency and commerce occurs online.
This attention can be seen in the growth of crypto currencies and the number of attacks made on various exchanges. As virtual currencies continue to rise in popularity, their attacks will have significant implications for the global economy.
With the number of attacks continuing to rise, how is the corporate environment reacting – and what approach should it take?
The changing corporate personality
As these attacks have become more commonplace, the corporate mindset has shifted. While cyber security was once seen as a technological challenge, left to the IT department, it is now being interpreted as a key strategic issue.
If a successful attack occurs, the damage can be widespread and severe. With so much of an enterprise resting on technology, cyber security is not just a matter for a particular department, but a consideration that must be baked into every decision – from what type of technology staff can use, to whether they can work from home, or even what type of USB sticks the organisation uses.
At the same time, it isn’t just enough to focus on prevention. As the likelihood of an attack increases, more organisations are developing robust internal mechanisms to detect attacks and shut them down before any information can be stolen.
This emphasis will continue. The more robust cyber security methods are developed, the more sophisticated techniques will be required to police them – which is where savvy digital enterprises will be placing their resources and attention.
Stay tuned for the fifth entry in our Digital IQ series, which will explore the growing market of on-demand business services.