You’re going to be hacked: Why professional services should take cyber security seriously
The business of cyberattacks is booming. Every day, malicious software trawls the internet searching for vulnerabilities to exploit, and this software doesn’t discriminate by location or organisation size.
The numbers are scary: Recent research from IBM and the Ponemon Institute estimates the average cost globally of a data breach to an organisation is NZ$5.5 million. And that’s just the tangible costs: the cost of the ongoing reputational damage could be much higher.
After recent high-profile breaches at the Reserve Bank, NZX and Canterbury DHB, it’s clear that being at the bottom of the world won’t protect Kiwi businesses from a cyberattack. In fact, CERT NZ says that cyberattacks in New Zealand are reaching record highs, and it isn’t just big-name organisations: small and medium enterprises, and those in the professional services sector, are easy targets for cyberattacks, and lose millions of dollars a year as a result.
The sophistication of the attacks is increasing too, making it more difficult for businesses to identify breaches. Hackers make use of automated tools and real email addresses and domain names, which make it near impossible to monitor for breaches without the assistance of dedicated software, like SIEM.
What does this mean for professional services?
Professional services companies need to be unimpeachable in their ability to take care of clients’ information; if the company’s firewall gets a reputation for being easy to crack, it could be disastrous for business.
New changes to the Privacy Act, introduced in late 2020, mean the effects of a cyber-attack can be much more serious. Under the new rules, it’s a criminal offence for businesses to fail to notify the Privacy Commissioner and customers of a data breach that causes “serious harm.”
That’s a major risk for professional services companies, whose systems handle huge amounts of sensitive data: personal details, trade secrets and confidential information. The only way to avoid the embarrassment of admitting to a data breach or facing criminal action is to stop data breaches before they reach that “serious harm” threshold. That can’t be achieved with a reactive mindset; if businesses wait until it happens, it will be too late.
How SIEM can help
One part of any organisation’s security system should be Security Information and Event Management (SIEM) software. SIEM aggregates the log and event data generated across your systems in a centralised platform, and uses it to monitor the network and respond in real time. This allows businesses to mitigate the impact of breaches and threats as they arise, so they can get on top of them right away, before they become serious.
SIEM can detect threats from emails, cloud resources, applications, and external sources, giving broad visibility to security teams. In an age where organisations increasingly rely on hybrid- and multi-cloud environments, the ability to piece together threats from lots of different sources has never been more important.
SIEM systems allow for monitoring against lots of different rules, models and ways of detecting suspicious activity. They can detect brute force attacks, which are relatively simple, as well as more complicated attacks. For example, it’s physically impossible for a person to enter a password 100 times in a minute, so that pattern can be flagged by a simple rule. A new sign-in location for a user isn’t necessarily unusual, and neither is the transfer of large amounts of data, but the combination of those two is more likely to be suspicious activity. SIEM software can be set up to pick up on combinations of actions like that.
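The two kinds of rule described above, a rate threshold and a combination of weak signals, sketched as an added example that is not part of the original article and is not any SIEM product's rule language. The event field names, thresholds and sample events are constructed assumptions.

```python
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Thresholds are assumptions for this example; tune them per environment.
FAIL_LIMIT = 100                     # failed logins per user ...
FAIL_WINDOW = timedelta(minutes=1)   # ... inside this window
BIG_TRANSFER = 500 * 1024 ** 2       # bytes treated as a large transfer
CORR_WINDOW = timedelta(hours=1)     # new location, then transfer, within this

def detect(events, known_locations):
    """Scan time-ordered events; return (rule, user, timestamp) alerts."""
    alerts, fails, new_loc_at = [], defaultdict(deque), {}
    for e in events:
        user, ts = e["user"], e["ts"]
        if e["type"] == "login_failed":
            q = fails[user]
            q.append(ts)
            while ts - q[0] > FAIL_WINDOW:   # drop failures outside the window
                q.popleft()
            if len(q) >= FAIL_LIMIT:
                alerts.append(("brute_force", user, ts))
                q.clear()                    # avoid re-alerting on every event
        elif e["type"] == "login_ok":
            seen = known_locations.setdefault(user, set())
            if e["country"] not in seen:     # weak signal: remember, don't alert
                new_loc_at[user] = ts
                seen.add(e["country"])
        elif e["type"] == "transfer" and e["bytes"] >= BIG_TRANSFER:
            t0 = new_loc_at.get(user)
            if t0 is not None and ts - t0 <= CORR_WINDOW:
                alerts.append(("new_location_and_large_transfer", user, ts))
    return alerts

def sample_events():  # constructed sample data, not real logs
    t, mins = datetime(2021, 3, 1, 9, 0), timedelta(minutes=1)
    ev = [{"ts": t + timedelta(seconds=0.5 * i), "user": "alice",
           "type": "login_failed"} for i in range(100)]
    return ev + [
        {"ts": t + 2 * mins, "user": "bob", "type": "login_ok", "country": "NZ"},
        {"ts": t + 5 * mins, "user": "bob", "type": "transfer", "bytes": 2 * 1024 ** 3},
        {"ts": t + 10 * mins, "user": "carol", "type": "login_ok", "country": "DE"},
        {"ts": t + 12 * mins, "user": "dave", "type": "login_ok", "country": "AU"},
        {"ts": t + 15 * mins, "user": "dave", "type": "transfer", "bytes": 4096},
        {"ts": t + 20 * mins, "user": "carol", "type": "transfer", "bytes": 1024 ** 3},
    ]

if __name__ == "__main__":
    known = {"bob": {"NZ"}, "carol": {"NZ"}, "dave": {"NZ"}}
    print(detect(sample_events(), known))
```

In the sample data, bob's large transfer from a known location and dave's small transfer from a new location raise nothing; only alice's burst of failures and carol's new location followed by a large transfer do.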
According to IBM, it takes organisations an average of 280 days to identify and contain a breach; SIEM allows businesses to do so in a fraction of that time. It’s a simple equation: the quicker professional services businesses discover the breach, the quicker they can stop it.
How can I learn more about SIEM?
Intellium has deep experience integrating SIEM into the systems of all kinds of organisations and building out holistic solutions for data and network security.