You’re going to be hacked: Why professional service should take cyber security seriously

The business of cyberattacks is booming. Every day, malicious software trawls the internet searching for vulnerabilities to exploit, and this software doesn’t discriminate by location, or organisation size.

The numbers are scary: Recent research from the IBM and Ponemon Institute estimates the average cost globally of a data breach to an organisation is NZ$5.5 million. And, that’s just tangible costs: the cost of the ongoing reputational damage could be much higher.

After recent high-profile breaches, at the Reserve Bank, NZX and Canterbury DHB, it’s clear that being at the bottom of the world won’t protect Kiwi businesses from a cyberattack. In fact, CERT NZ says that cyberattacks in New Zealand are reaching record highs, and it isn’t just big-name organisations: small and medium enterprises, and those in the professional services sector are easy targets for cyberattacks, and lose millions of dollars a year as a result.

The sophistication of the attacks is increasing too, making it more difficult for businesses to identify breaches. Hackers make use of automated tools and real email addresses and domain names, which make it near impossible to monitor for breaches without the assistance of dedicated software, like SIEM.

What does this mean for professional services?

Professional services companies need to be unimpeachable in their ability to take care of clients’ information; if the company’s firewall gets a reputation for being easy to crack, it could be disastrous for business.

New changes to the Privacy Act, introduced in late 2020, mean the effects of a cyber-attack can be much more serious. Under the new rules, it’s a criminal offence for businesses to fail to notify the Privacy Commissioner and customers of a data breach that causes “serious harm.”

That’s a major risk for professional services companies, whose systems handle huge amounts of sensitive data: personal details, trade secrets and confidential information. The only way to avoid the embarrassment of admitting to a data breach or facing criminal action is to stop data breaches before they reach that “serious harm” threshold. That can’t be achieved with a reactive mindset; if businesses wait until it happens, it will be too late.

How SIEM can help

One part of any organisation’s security system should be Security Information and Event Management (SIEM) software. SIEM monitors the network and responds in real-time through the aggregation of log and event data generated across your systems in a centralised platform. This allows businesses to mitigate the impact of breaches and threats as they arise, so they can get on top of them right away, before they become serious.

SIEM can detect threats from emails, cloud resources, applications, and external sources, giving broad visibility to security teams. In an age where organisations increasingly rely on hybrid- and multi-cloud environments, the ability to piece together threats from lots of different sources has never been more important.

SIEM systems allow for monitoring against lots of different rules, models and ways of detecting suspicious activity. They can detect for brute force attacks, which are relatively simple, or more complicated attacks. For example, it’s physically impossible for a person to enter a password 100 times in a minute, or a new sign in location for a user isn’t necessarily unusual, and neither is the transfer of large amounts of data, but the combination of those two is more likely to be suspicious activity. SIEM software can be set up to pick up on combination actions like that.

According to IBM, it takes organisations an average 280 days to identify and contain a breach; SIEM allows businesses to do so in a fraction of that time. It’s a simple equation: the quicker professional services businesses discover the breach, the quicker they can stop it.

How can I learn more about SIEM?

Intellium has deep experience integrating SIEM into the systems of all kinds of organisations and building out holistic solutions for data and network security.

Get in touch to learn more.

Return to Blog

BLOG

What does this mean for professional services?

How SIEM can help

How can I learn more about SIEM?

Intellium Technology has relocated!

Is blockchain adoption the key to an impenetrable network?

Why it pays to help your collaboration tools go further

Zero trust: Because no one is safe from attacks

3 unanticipated returns from smart technology investments

Data sovereignty laws place new burdens on CISOs

Could shadow IT be a secret bright spot in your business?

COVID has changed the way SMB works: Here are the new tools that get things done

Data hoarding: The consequences go far beyond compliance risk

A hybrid work device guide for the modern office

Understanding managed services and its importance to your business

Want to download the leaked Windows 11? Don’t be so hasty…

5 IT choices that can immediately counter climate change

Maximise Microsoft Teams with these top productivity tricks

The value of digital transformation for small businesses

What are the most desirable skills of the next decade?

The 6 things small businesses need to know about security

10 innovative 5G use cases: What 5G is actually capable of

What devices do you need to head off the unexpected in 2021?

5 analyst predictions on the CIO role in 2021

CES 2021: 4 Key Takeaways For Brands

5 long-term tech changes set in motion this year

The “hindsight 20-20” view of 2020s most promising tech

5 disruptive technologies you should already be planning for

How to foster loyalty in your brand – no matter the size of your business

How to create a harmonious hybrid office

How to properly prepare for MS Exchange Server 2010's end

The role of identity and access management in remote work

Six signs finance companies need to update their IT infrastructure

iPhone Robbers Try High Tech Approach

Protecting Against Ransomware

Intellium Technology - IT Support New Zealand