Statistically, it’s very likely a breach will happen and businesses need to be ready in case of such an event. Cybersecurity is an important part of business planning.
Cybersecurity software, policies and practices are constantly improving, but breaches still happen, according to CERT Australia's Cybercrime and Security Survey Report. Organisations that reported cybersecurity incidents in Australia rose 34 per cent between 2012 and 2013. Targeted cyberattacks alone increased to 42 per cent worldwide.
Something's not right, and we humans might be the problem.
Staff errors contributed to 57 per cent of cybersecurity incidents, with poor security culture at a staggering 50 per cent.
Any security engineer will tell you the human factor is the weak link. For one thing, we don't seem to learn our lessons about choosing good passwords and changing them often, with 95 per cent of organisations saying that staff need to improve their IT practices.
We are also increasingly falling victim to new styles of attack. In the beginning, cybercriminals were hackers defacing websites for bragging rights. Then more organised crooks realised they could hijack our financial details as we shopped online.
In response, regulatory bodies imposed robust standards and companies dealing with our credit card numbers or other private data have to be compliant with regulations to stay in business.
Now, cybercriminals are increasingly going after individual users. If the technology is getting too hard to get around, a common strategy is to trick us into simply letting the bad guys in.
These are called phishing attacks. A classic example is receiving a warning to change your PayPal password. The link in the email takes you to what appears to be the PayPal website, but it's actually fake and your login details are sent straight to cybercriminals.
The next level is spear phishing, an attack targeted at you personally. Sometimes the bad guys 'work' you as a mark before the swindle, pretending to be a friend on Facebook until they convince you to download a game they know 'you're going to love', but which turns out to be malware, or malicious software, that compromises personal details in your account.
In one recent example, over 25,000 Instagram users willingly disclosed their login details in exchange for vague promises of 'likes' for their pictures, sending them straight to an Eastern European organised crime gang.
Cybersecurity can be complicated, but caution and education, rather than fear and avoidance, are the best strategies.
- Make sure the site is safe before you input personal information – watch for the padlock in your browser window, 'https' in the website address and/or the green address bar
- Use security software and install updates promptly
- Don't click on suspicious links in emails or social networks
- Don't email personal information
- Don't enter personal information in a pop-up web page