South Africa is no stranger to data breaches, with databases of blue-chip companies such as Ster-Kinekor, ViewFines and Masters Deeds having been targeted in the recent past – often with staggering consequences for the companies and their clients.

Doug Clare, vice-president of product management at FICO, forecasts that 2019 will be the year where companies of all sizes and industries experience a new level of alarm in realising their vulnerability to data breaches, hacking and other cybercrimes due to the proliferation of ever more sophisticated hackers.

“Hacking has become formalised and thus more competitive, which means that many companies will be forced to take a more clear-eyed assessment of their cyber security posture, and will need to take strong action to improve their cyber defences. That’s a great New Year’s resolution for everyone,” says Clare.

Understanding the network’s real strengths and weaknesses is vitally important. One of the tools that can be utilised is FICO’s free, web-based Cyber Risk Score for enterprises. Subscribing to a Cyber Risk Score that can track your company’s individual score against benchmarks will assist organisations in determining the efficacy of their cyber defences.

“2018 has shown us that while South Africa is doing very well in terms of technology innovations for business that are of a global standard, there is still room for improvement when it comes to tight-sealing organisations against the concurrent dangers to their cybersecurity health,” says FICO South Africa’s country manager Derick Cluley. “If used correctly, enterprise security scoring tools have the potential to change the South African cyber security landscape completely.”

Another way companies can ensure good cyber security is to avoid placing too much emphasis on biometrics systems.

While some tout such systems as the “silver bullet” for cybersecurity, FICO’s Doug Clare reckons biometric security data may become the “biggest security vulnerability of all”.

Biometrics use a digital interpretation of a biological feature, which is then associated with an individual’s account credentials. Those digital files can be spoofed, stolen or simply rearranged to point to a digital identity other than that of the account holder.

“Biometrics are neither fool-proof nor fraud-proof. A hacker can replace the digital interpretation of another individual’s retina with their own, and if they do a sufficient job covering their tracks, they can breach a system. The honeymoon of confidence in biometrics is undeserved, and it won’t last,” according to Clare.

Minimising human error is an aspect that companies need to look at closely. Examples of errors include incorrect delivery, misconfiguration, and disposal errors. Companies need to focus at least as much on training, awareness, policy, and policy adherence as they do on technology and infrastructure.

“Cyber security is really a people problem. We make mistakes, we fail to follow policies, we overcommit resources, understaff projects, and we sometimes put people into jobs they are not ready for,” says Clare.

In a global study, sponsored by IBM Security and conducted by Ponemon Institute, the 2018 Cost of a Data Breach Study found that the average cost of a data breach globally is $3,86-million (over R52-million), a 6,4% increase from the 2017 figures.

This was based on in-depth interviews with nearly 500 companies that experienced a data breach. The study analyses hundreds of cost factors surrounding a breach including the technical investigations and recovery, notifications, legal and regulatory activities and the cost of lost business and reputation.

The study also calculated the costs associated with “mega breaches” ranging from one million to 50 million records lost, projecting that these breaches cost companies between $40-million (over R500-million) and $350-million (over R4-billion) respectively.