Pride goes before the fall – Australian companies getting caught with their pants down.

While the attacks on the US companies such as Sony, Target and Ashley Madison are old news, our own ‘home grown’ cyber incidents are growing by leaps and bounds, most recent of which, involving David Jones, Kmart Australia and Australian Farmers Direct, prove that cyber threats are a global phenomenon and even the big players aren’t safe.

Over the past 12 months, the number of cyber security incidents detected in Australia has increased by 109 percent, with an average of two incidents per second. However, with companies taking on average 256 days to even detect that the breach has occurred, these rather chilling statistics only reflect a fraction of the problem. 

The number of cyber security incidents detected in Australia has increased by 109 percent over the last 12 months.

Last month, three of Australia’s biggest retailers reported security breaches in which hackers made off with customers’ personal details in the form of names, addresses and contact details. While David Jones, Kmart Australia and Aussie Farmers Direct may be congratulating themselves on the fact that no credit card details were stolen, the information obtained by cyber criminals will fetch a pretty penny on the dark web, helping to keep the lucrative practices ofphishing and identity theft alive and thriving.

However, these retailers may yet feel the pinch once their customers feel the repercussions of these breaches and begin to point litigation fingers at the companies for failing to keep their personal information safe. What’s more, lack of consumer trust may see deterioration of customer loyalty and loss of sales, further hurting the bottom line.

Keeping Up With Security.

One of the biggest problems remains to be, that regardless of the clear dangers and expensive repercussions, comprehensive cyber security is still viewed by many today as a luxury that often misses out on the necessary budgeting allocations required to keep these businesses from becoming the latest victims of cyber criminals. As evident, even the largest of companies are guilty of making this mistake.

Many companies choose to perform cursory testing on an annual basis as a way of ticking the appropriate box and lulling themselves into a false sense of security. While the unsuspecting business continues to function, cyber criminals have a whole year in which to plant malicious software on company computers and reap the rewards, often in the form of stolen intellectual property or client credit card details and personal information.

Companies should review their options.

To discover and correct vulnerabilities that may be exploited within company systems, regular and comprehensive testing and assessment must be performed. However, while a penetration test may identify your vulnerabilities and provide guidance on correcting them today, it will not stop a your employees from downloading those malicious zip files, or prevent any number of creative exploits that may be employed against your business tomorrow. Keeping abreast of the rising number of threats and keeping your system secure requires constant, 24/7 vigilance. That level of security just can’t be achieved when your security team goes home at 5 pm. Companies now have the option of outsourcing their extensive cyber security needs to managed security service providers who are able to provide an all-encompassing security solution, including the monitoring of the company’s networks and systems every second of every day.

For any serious business, information security cannot be an afterthought or something piled into the ‘later’ basket. It needs a strategic and thorough approach, because your company’s survival may very well depend on it.