Gear towards resilience in cyber war
Insurer’s research finds Australasian IT companies must prepare to face global internet failure.
Resilience, as opposed to protection, will be the characteristic allowing companies to survive the complex cyber breaches which are becoming the norm, according to a Zurich industry paper.
Sounding a somewhat doom-laden bell, the report likens implementing preventative cybercrime measures to the hopelessness of forever stacking sandbags to protect against a severe hurricane.
The report, ‘Global interconnections of cyber risk: impact on the information technology industry’, warns a single set of principles alone will be ‘insufficient’ if anticipated global internet failures hit.
It finds that no company, not even in the IT sector, can completely secure itself against interconnected and complex cyber shocks. The report comes at a time when statistics around the world already show a startling number of cyber security attacks.
In fact, in a 2013 presentation, IBM Security Services General Manager Kristin Lovejoy revealed the average company faced 2,641,350 security attacks every week.
She stated that malicious code was the most common type of attack, with others including unauthorised access, denial of service, credentials abuse and a sustained probe or scan.
Zurich’s Chief Information Officer, Scott Watters, says the report sends a clear message to the Australasian IT industry to remain at its most vigilant.
“With its ongoing immeasurable complexity, the internet of tomorrow will undoubtedly be less robust and resilient than it is today, so it comes down to the companies and businesses that are most resilient and agile.
“Those companies will shift from protection towards resilience. They will have a plan in place that allows them to bounce back from cyber disruptions. No matter how large the company, a relatively small set of actions can protect against most cyber risks – things like following standards for secure coding and implementing critical security controls devised by organisations such as The Council on Cybersecurity.”
Watters says another key method for companies to build resilience is to examine the most likely and dangerous cyber risks, and then ensure their executives, board, security and response teams all practise their reactions should those risks ever eventuate.
“It is surprising how often this type of drill is overlooked, alongside the basic safety net of having the relevant insurance, as we found in another report released by Advisen which looked at cyber risk management practices in the Asia-Pacific region.”
That report, ‘2014 Network Security & Cyber Risk Management: A survey of enterprise-wide cyber risk management practices in the Asia-Pacific region’, showed results consistent with similar surveys in Europe and North America, with 96% of respondents believing cyber risks posed at least a moderate threat to their organisation.
“The survey found that APAC companies are slower to adopt certain cyber risk management strategies, including threats associated with social media, cloud computing and mobile devices,” says Watters.
“Alarmingly, the report revealed that despite the vast majority of risk professionals, senior executives and board members acknowledging the threats to network and information security, less than one third of organisations surveyed currently had cyber liability insurance as part of their risk management strategy.”
“This mentality must change. Risk professionals need to talk to their broker or insurer and understand how they can protect themselves against specific risks. We know the market hears it all too often but reputational damage can be one of the most serious and lasting impacts of cyber risk. Just one attack on a vulnerable system can undo years of reputation and brand building,” says Watters.