Are Aussie businesses "critically exposed" to data breaches?

12 Jun 14

The exponential growth in mobile e-commerce will leave businesses critically exposed to the soaring risk of data breaches unless they dramatically ramp up their focus on IT security.

That's the view of Chris Grant, managing director at Protiviti, a global consulting firm, who claims that in 2013 alone, almost 300 billion mobile transactions worth more than $930 billion were processed.

"By 2015, the number of mobile apps developed for smartphones and tablets will outstrip PC-based software four times over, pushing transaction volumes to even greater heights," he adds.

"And by 2016 more than half of the world’s top 1000 companies will be storing sensitive customer data in the cloud.

“The rapid shift from desktop to mobile internet services and from traditional data centres to the public cloud will open up a whole new world of security vulnerabilities for businesses that are unprepared for the risks."

The recent data breach suffered by eBay, which resulted in the theft of personal information of 145 million eBay customers, is a timely reminder that cybercriminals are becoming increasingly sophisticated and are able to deploy highly effective and destructive hacking tools to compromise even the largest corporations.

According to Grant, Australian businesses in particular have an unfortunately poor record in resisting cyber-attacks.

In 2013, Australian companies had data breaches that resulted in the highest average number of compromised records per capita (34,249).

Australia also ranked second, after Germany, on the list of countries most likely to experience a data breach from malicious or criminal attack - the most costly breach category for companies.

“Despite these threats, many businesses remain dangerously complacent about their exposures and continue to seriously under-invest in IT security," Grant adds.

“Australian companies typically allocate only one to two per cent of their IT budget to security, even though benchmarking from reputable organisations like Gartner recommends a minimum spend of at least two to seven per cent, depending on factors such as regulatory requirements and individual risk factors."

Grant also observed that while companies had several data breach strategies at their disposal, the critical first step was to understand their customers’ behaviour.

“Companies first need to know how consumers behave when it comes to online security and adopt systems that help protect their customers from themselves," he adds.

"It’s well known that consumers tend to let their guard down particularly on social media by readily accepting contact offerings, sharing files or clicking on links from people they don’t personally know – even though these behaviours greatly increase their chances of malware infections, identity theft and the like."

Grant said that, to effectively combat complex and high-stakes e-commerce risks, companies should adopt a multi-layered ‘defence in depth’ strategy.

“A ‘defence in depth’ approach involves a coordinated use of multiple IT security measures to protect the organisation’s information assets," he adds.

"Because the source of a cyber-attack can be unpredictable, you need to be set up so if one security measure is infiltrated there are fall-backs that can continue to hold the fort.

“And to be effective, those integrated measures must protect the business on all essential fronts.

"These include having robust server and application security which should include a clear policy for when it’s appropriate to use the cloud.

"Also critical are message confidentiality and integrity measures so that communications between transacting parties are private and not able to be tampered with, and authentication and authorisation protocols so that parties are properly identified and authorised to make the relevant transactions.

“Sound audit controls should also be implemented so that breaches or other unauthorised activities can be quickly detected.

"And lastly, payment processing and settlements need to be secure and compliant with the Payment Card Industry Security Standards which protect against credit card fraud.

“The explosion in mobile e-commerce presents both opportunities and threats for Australian businesses.

"The companies that succeed will be those that invest adequately in IT security and have a robust, multi-dimensional security strategy to deter the hackers at the gate."
