Do you take the hackers' perspective when formulating your cybersecurity strategies?
The Ponemon Institute's 2017 Cost of Data Breach Study reported that in Australia, malicious attacks are not only the most prevalent but also the most expensive to remediate. The average total organisational cost of a data breach in Australia in 2017 was $2.51 million. Post-breach investigations determined that hackers or criminal insiders (employees, contractors and other third parties) typically caused the data breach.
"When organizations develop their cybersecurity strategies, they may have IT, legal, risk, and human resources teams at the table but the one person they never invite is the bad guy," said Chris Pogue, lead author of the Nuix Black Report 2018. This report examines the cybersecurity landscape from the hacker's perspective, including the background and mindset of hackers; most effective attacks, countermeasures, and security programs; and what hackers would tell company executives and directors if they had the chance.
Most organizations invest heavily in perimeter defences such as firewalls and antivirus, and these are mandatory in many compliance regimes, but most of the hackers surveyed found these countermeasures trivially easy to bypass.
Penetration testers and hackers report that they have little trouble breaching the perimeter and quickly locating critical data, with 12 percent saying they can get into a system in less than an hour. Despite learning that their company is vulnerable, some firms still opt to do nothing to improve security.
The Nuix Black Report challenges the common media narrative that data breaches are hard to prevent because cyberattacks are becoming more sophisticated. Nearly a quarter of Black Report respondents (22%) said they used the same attack techniques for a year or more, and the following common security issues continually reappear as factors in data breaches:
- Single-factor authentication
- Unpatched servers and applications
- Weak or default passwords
- Antiquated operating systems
- Overprivileged users
- Rolling your own software
- No network segmentation
- Lack of instrumentation
What strategies is your organisation employing to ensure that it is not the next headline subject as the result of a major data breach? From a security perspective, we are only as strong as our weakest link. For further information, the Black Report 2018 by Nuix is a very interesting read.