Events worthy of a spy novel rocked Australia in October 2017.
The resulting loss of sensitive military data was devastating. The culprit? A mysterious hacker everyone calls ‘Alf’: He now has blueprints to Australia's F-35 fighters, spy planes, and smart bombs. There's no telling who else now has access to the data.
The weak point in the security chain was a small engineering contractor with only one IT staffer on duty. Alf exploited the firm's use of default logins and passwords to his advantage. Now, for the million-dollar question: how will you protect your business data?
History is a vast early warning system - Norman Cousins
To date, the average total cost of a data breach is AUS$2.51 million. That's bad news. Unfortunately, the news gets worse: Australia ranks fourth among the 10 countries most affected by data breaches.
There are three main factors in data leakages:
Unsurprisingly, 48% of breaches are caused by hackers, according to the Ponemon Institute’s 2017 Cost of Data Breach Study. What is interesting, however, is that another 28% are the result of internal sabotage. Even though people account for a high percentage of data breaches, only 56% of Australian businesses have a documented internal IT security/cyber security policy for employees, according to the Canon Business Readiness Index. The price of not having these policies in place can be detrimental.
Whether intentional or unintentional, employees pose a huge threat to information security. You need to make sure that your people understand the threats and are trained to help protect your business.
In terms of technology, mobile malware, ransomware, and phishing are emerging as the greatest security threats in the IoT (Internet of Things) ecosystem. Alarmingly, mobile malware variants and ransomware attacks have multiplied since 2017. Ransomware can be delivered through phishing spam, which masquerades as legitimate attachments. When someone clicks on the link, malware infects the computer and gives hackers access to your sensitive data.
To recover the data, a bitcoin ransom may be demanded. The average ransom amount is AUS $1,400 per data breach. That's not all. Data recovery is unlikely, even if you pay. With the increasing use of smart devices, the security threat has never been greater. A Symantec study notes that it takes just 2 minutes for a smart device to be hacked.
For Bithumb (one of the largest bitcoin exchanges in the world), the lesson came too late. In early 2017, the exchange experienced a massive data breach. Hackers pretended to be Bithumb bosses and tricked employees into handing over their single authentication password, allowing them to infiltrate their money stores, employee devices and personal information about their users.
The stolen data was used to drain some people’s digital wallets, with one user losing roughly AUS $11K in a split second. The hackers also stole the email addresses and mobile phone numbers of 3% of Bithumb's user base. Needless to say, a class-action lawsuit is in the works. To add to Bithumb's woes, the Korea Communications Commission fined the exchange KRW ₩60 million (roughly AUS $71k) for the breach. That’s a lot of money over a password hack.
80% of hacking-related data breaches involve weak or compromised passwords. Bithumb is a perfect example of this. These security measures can be the difference between bankruptcy and growth. With almost all businesses now running technology-based services, it’s crucial to protect your data and avoid the costs.
Another way data can be lost is through a BPC (business process compromise) attack. This is where hackers target a company's internal operations, which includes payment systems and manufacturing processes.
BPC attackers prey on organisations focusing too heavily on preventing attackers from getting in. But what about the attackers who do get in? This was the case with a virtual bank robbery at the Bangladesh Central Bank. In 2016, attackers hijacked the internal communications process between the bank and SWIFT, a global communications system for banks around the world. Fraudulent transfer requests were sent, which resulted in the Federal Reserve Bank of New York transferring US $81 million to a private account in the Philippines. It’s a nightmare scenario.
Like a classic bank heist, robbers spend a considerable amount of time planning, observing and discovering loopholes in your system. When the time is right, they will modify entries or change printer settings to hide signs of an attack. Your security measures are just as much about playing defence as they are about playing offence. Don’t be on the losing team!
Is the price worth the risk?
Research from the Australian Government, outlined in the Canon Business Readiness Index, shows a staggering 59% of Australian businesses will have their business disrupted by some sort of security breach or attack every month and 43% of cybercrime will affect small businesses. Despite these stats and the very possible scenarios mentioned above, very few Australian businesses are concerned about protecting their information, finance and people. As a business owner, you know that data breaches could absolutely destroy your professional credibility. The average consumer expects impeccable security oversight: 66% insist that they will never again frequent an organisation that has suffered a breach.
Overall, more than half of attacks now cost US$500,000 (AUS $640,000) in recovery expenses. That's not all: you'll have to include losses in revenue, customer advocacy, and business opportunity to figure out the true cost of a breach. Despite the grim news, only 25% of popular retail websites use multi-factor authentication to protect their data.
At Canon Australia, we have a reputation for swimming against the tide. If you want to know more about security measures that protect your data, contact us. We're solutions-oriented, but most importantly, we're focused on protecting you.