IT Security threats are on the rise. The figures speak for themselves. In Q2 2012, the Kaspersky IT Threat Evolution Report shows:
- Over 1 billion threats detected
- 89.5 million URLs serving malicious code detected
McAfee reports that at the end of Q2 it had over 90 million samples of malware in its database (a significant increase from under 60 million in July 2011). Of greater concern, the report confirms an increased focus on the Internet from organized crime, giving rise to what the McAfee report aptly calls “crimeware as a service”.
Ensuring IT Security objectives are met is a key component of the Board’s Governance function. Failures in IT security have far-reaching consequences for an organization, ranging from interruption of activity to loss of public trust. The associated costs have the potential to be very high, including damage to a company’s reputation.
Organizations have known of the security threat for years. A 2007 study from McAfee shows that 33% of respondents said a major security breach could put their company out of business. From Sony (who lost an estimated 1.25 billion from a cyber attack) to the smallest start-up, nobody is safe. To put things in perspective, the 2011 Norton Cybercrime Report estimated global losses of $400 billion a year and one million victims a day.
This makes it important that all parties involved in IT Security, from IT Security managers to Board members, know what they are facing. It is a war, and the only way to win is to follow Sun Tzu’s advice: “If you know the enemy and know yourself, you need not fear the result of a hundred battles.”
In this particular situation, the enemy has many faces and is fighting on many fronts:
- Organized syndicates with complex organizational structures (some even operating as real corporations) offer a full suite of cyber-crime products and services. These syndicates have well-prepared professionals and boards directing them, which makes them a difficult opponent. It is a battle between two corporate competitors, one of whom is not bound by any rules.
- Small criminal operations are actively trying to make quick cash from insufficiently protected systems.
- Hacktivism is becoming a legitimate means of protest. Although widely covered in the news, the Anonymous hacking group is by no means the only hacktivist group out there.
- Increasingly complex but easy-to-obtain malware, written by sophisticated programmers, that sniffs out and exploits known unpatched vulnerabilities and that “script kiddies” can buy on the Internet and use effectively with minimal technical knowledge.
- Almost universal Internet access and web presence, which allow for multiple points of access.
Information is today’s most sought-after asset. Whether it is corporate espionage or stealing personal data and money, cyber crime is on the rise. Is your organization prepared to defend itself?