Australian IT companies should prepare for global internet failure

According to a recent Zurich industry paper on future cyber risks for the global IT industry, implementing preventive cybercrime measures can be compared to the hopelessness of forever stacking sandbags to protect against a severe hurricane.

The report - Global interconnections of cyber risk: impact on the information technology industry - warns a single set of principles alone will be insufficient if anticipated global internet failures hit.

It finds that no company, not even in the IT sector, can completely secure themselves against interconnected and complex cyber shocks and comes at a time when statistics around the world already show a startling number of cybersecurity attacks.

In fact, in a 2013 presentation, IBM Security Services General Manager Kristin Lovejoy revealed the average company faced 2,641,350 security attacks every week. She stated that malicious code was the most common type of attack, with others including unauthorised access, denial of service, credentials abuse and a sustained probe or scan.

Zurich Chief Information Officer Scott Watters says the report sends a clear message to Australia’s IT industry to remain at its most vigilant. “With its ongoing immeasurable complexity, the internet of tomorrow will undoubtedly be less robust and resilient than it is today, so it comes down to the companies and businesses that are most resilient and agile.

“Those companies will shift from protection towards resilience. They will have a plan in place that allows them to bounce back from cyber disruptions. No matter how large the company, a relatively small set of actions can protect against most cyber risks - things like following standards for secure coding and implementing critical security controls devised by organisations such as The Council on Cybersecurity.”

Scott says another key method for companies to build resilience is for them to examine the most likely and dangerous cyber risks and then ensure their executives, board security and response teams all practise their reactions should those risks ever eventuate.

“It is surprising how often this type of drill is overlooked, alongside the basic safety net of having the relevant insurance, as we found in another report released by Advisen which looked at cyber risk management practices in the Asia-Pacific region.”

That report - 2014 Network Security & Cyber Risk Management: A survey of enterprise-wide cyber risk management practices in the Asia-Pacific region - showed results consistent with similar surveys in Europe and North America, with 96% of respondents believing cyber risks posed at least a moderate threat to their organisation.

“The survey found that APAC companies are slower to adopt certain cyber risk management strategies, including threats associated with social media, cloud computing and mobile devices,” says Scott.

“Alarmingly, the report revealed that despite the vast majority of risk professionals, senior executives and board members acknowledging the threats to network and information security, less than one-third of organisations surveyed currently had cyber liability insurance as part of their risk management strategy.

“This mentality must change. Risk professionals need to talk to their broker or insurer and understand how they can protect themselves against specific risks. We know the market hears it all too often but reputational damage can be one of the most serious and lasting impacts of cyber risk. Just one attack on a vulnerable system can undo years of reputation and brand building,” says Scott.

Image courtesy David Bleasdale under CC.