Dynamiq CEO Jarrod Wilson
Falling for email scams is becoming the most costly mistake made by companies around the world.
It even happened to tech heavyweights Facebook and Google, who were scammed out of more than $100 million between 2013 and 2015 through an elaborate fake invoice scam. A Lithuanian hacker sent each company a series of fake invoices while impersonating a large Asian-based manufacturer both used as a vendor.
Phishing is a social engineering attack used to steal user data, such as login credentials and credit card numbers, and to gain access to vital systems. It happens when an attacker, acting as a trusted entity, convinces the victim to open an email, instant message, or text message.
In its latest Phishing Activity Trends Report, the global Anti-Phishing Working Group found the number of organisations attacked by phishers in Q3 2019 was up notably, with attacks on more than 400 companies per month, versus an average of 313 per month in Q2.
It’s a similar story in Australia, where Scamwatch ranks phishing as the number 1 reported scam, with 20,782 reports so far in 2019.
While cyber risk and IT security were once the domain of the IT professional, they are now a significant business risk which needs to be addressed by both business leaders and the board.
Many business leaders don’t realise the biggest cost of a data breach is not the breach itself, but the business disruptions that occur because of it. IBM has listed the biggest cost factor in a data breach as ‘Lost Business’, which accounts for 36 per cent of the entire breach cost. This cost is greater than detection, escalation, post breach, and notification costs.
Why companies are neglecting cyber risk
More than half of Australian organisations have no cyber security governance in place, found the recent Security In Depth survey of nearly two thousand businesses. Some 38 per cent did not provide any cyber awareness training to staff, despite 71 per cent of breaches being the result of human error and 90 per cent beginning with an email. The survey also found 63 per cent of companies “have no idea” how to respond to a cyber incident.
With so little cyber security oversight, it’s no surprise Australia has become a testing ground for hackers trying new kinds of malicious software.
Turning the ship around
The Australian Signals Directorate’s Australian Cyber Security Centre (ACSC) has developed Strategies to Mitigate Cyber Security Incidents. The strategies focus on governance and response and cover cyber intrusions, ransomware and external adversaries with destructive intent, malicious insiders, ‘business email compromise’, and industrial control systems.
ACSC said, “Prior to implementing any of the mitigation strategies, organisations need to identify their assets and perform a risk assessment to identify the level of protection required from various cyber threats.”
We’ve been working within these mitigation strategies to develop Qantian for our clients. It’s a cyber resilience program which identifies cyber risks, quantifies the severity of the risks, and provides solutions to address the risks. In addition to improving governance and response capabilities, Qantian has a strong focus on people risk management with industry-leading education, awareness and testing programs.
How the resilience program works
Identify risk – Our online risk assessment uses data insights and analytics to identify the gaps in protecting your data assets.
Quantify risk – An output report tells you exactly how vulnerable your business is. You get a percentage risk score for three key risk pillars of people, process and technology.
Solution exploration – Our consultations help you find the right solutions for your business based on the identified risks. That way, you are not wasting dollars on solutions you don’t need.
Supplier selection – We make it easy to find the right supplier. We’ve partnered with tried-and-tested providers who understand the budget constraints of small and mid-sized organisations.
Managing cyber risk shouldn’t have to be such a complex task. Our consultants have spent hundreds of hours up front to develop Qantian so you can quickly identify your vulnerabilities and start working to fix them.