On behalf of Leap, I wanted to share an important update on the topic of IT Security.
What have we been doing?
Currently, we provide a managed solution called “Leap Security Services”. At the time this offering was created and named (back in 2012), it provided a solid level of coverage for most companies. It has three basic protection mechanisms;
Despite global security firms like Symantec, Trend, Webroot, Kaspersky etc. spending millions on research and development, the new breeds of ransomware continue to breach defences. This 2018 report from Datto shows the scary environment we are now faced with;
To reduce confusion and respond to the changing landscape, we have renamed this offering to “Leap Anti-Virus”. We have always used a multilayered approach to security for maximum protection; however, even this now requires new defences and approaches to mitigate the risks. Leap is undertaking an ongoing program to raise the level of security awareness and help our clients navigate these risks.
What has shifted so suddenly?
As technology has overtaken how, where and what we do in our companies, it has expanded the footprint for attacks. According to the Australian Cyber Security 2017 Threat Report, this has led to:
The speed, angle and combination of threats have left many companies exposed and yet others still unaware of the risk they are running by not acting. Just this year alone there have been major attacks and breaches at organisations like Austal Ships, Perth Mint and PageUp.
Even basic fraud like business email compromise scams has cost Australian business $2.8 million. This has risen 30% from last year according to the ACCC and has an average cost per victim of $30,000. So, security is not just about spies and hackers; it is also about identity and criminals.
What are some examples of what we’re seeing?
Over the past 6 months, there were 18 data breaches reported to us where we assisted our clients from a wide variety of verticals. The types of attacks were:
It is clear that email is still the most common method of attack. Other interesting findings from the email attacks were:
This could have been prevented by:
According to the most recent quarterly report from the OAIC, of breaches reported, 50% of the malicious attacks came from phishing emails. Human error played a big part with 12% sending an email with personal information to the wrong recipient.
This report captures notifications received by the Office of the Australian Information Commissioner (OAIC) under the Notifiable Data Breaches (NDB) scheme between 1 July 2018 and 30 September 2018 (data breaches).
Data breaches are becoming more common, and now that mandatory notifications are in effect, taking steps to reduce the possibility of a breach should be a priority. Unfortunately, many organisations are still unaware of their responsibilities, and this is also why the OAIC has the power to issue fines up to $2.1 million.
What are we doing about it?
The IT industry is grappling with how to respond to the demands and pressures of this escalating security shift. From a lack of graduates and qualified staff to inconsistent legislation to inadequate community awareness, the problem is confronting.
Through our affiliations and global relationships including with organisations like Microsoft and Telstra, we have both learnt and witnessed firsthand what is required. Our focus areas in the next 12 months are;
What are your options moving forward?
The Wall Street Journal’s Cybersecurity Research Director, Ron Sloan, shared these five questions at an Australian Institute of Company Directors talk that we think every business should consider;
Answering these questions should be the start of your journey because, unlike other areas of technology, security is a joint responsibility.
Our Top 5 recommendations for you;
We will continue to be in communication regarding new offerings and increased protection standards we are introducing to help you keep your data and your business safe.