"We're no longer in a situation where it's a case of 'if I am going to get breached'. It's more a case of how often you are going to get breached and how long those people are going to be in for."
A stark warning from cyber forensics pro Dr David Day.
How many of you have security software installed on your smartphones? I'll wager more than 80% don't. Well, neither did I, until two months ago.
A top female ethical hacker had shown me just how easy it was to hack into my phone - a device that for most of us is a real-time repository of our personal info. I was left more than a little alarmed!
I wanted to jump into action before finding myself a victim of cyber crime (research shows most of us aren't diligent about security until we've been hit with a data breach). I was recommended an anti-virus, plus clever digital lock app 'Latch' - it allows you to switch off access to your accounts when you're not using them.
I then got in touch with four security gurus including Dr Day to film a special episode of Digital Futures. Cue cyber security warrior Tim Holman, renowned engineer Jose Palazon and author of The Snowden Operation, Edward Lucas. Hit play below to hear from them first-hand.
The video paints a clear picture of cyber crime threats, and I also want to quickly highlight three statistics you must keep top of mind. I sourced them from this great article by security professional Oliver Martinez.
One - 90% of all cyber-attacks begin with a human weakness.
Coaching your employees on data protection just isn't enough. In the video, Holman speaks to this point, explaining "You could buy the most high-tech security software, then the admin guy whacks a generic password on it ... and you're sunk".
Also, don't delegate cyber crime prevention solely to your IT department - embed these practices across all areas of business. Lucas finds that one of the big mistakes companies make is "to think that they can solve their data security problems simply by buying some new software and telling the IT department to get on with it".
Two - The US National Cyber Security Alliance found that 60% of small companies are unable to sustain their business within six months of a cyber crime attack.
The financial burden - and reputational issues - of having your intellectual property or customers' data compromised means you could go bust after just one powerful attack.
Yes, it's getting more expensive to keep up with the sophisticated means of hackers. However, consider investing in bringing a seasoned security pro on board at the early stages to conduct a risk assessment, deploy custom software (it need not be the most costly one) and help hire specialised IT staff that are clued in to the new threats that crop up daily.
Three - The average price of cleaning up after your business has been hacked stands at... over $1mn (Ponemon Institute).
That's sit-up-and-take-notice stuff.
Palazon insists: "It used to be that you applied one measure - one firewall, one layer of cryptography, one layer of secure communications. At some point however, they're going to be broken - but not all at the same time. That's why these days you need to apply as many as possible".
Here are the four pros you saw in the video. These are the guys you want on your cyber crime squad if you're in trouble!
- @2_secure Globally recognised pro Tim Holman, CEO, 2-sec and President, ISSA-UK - he's a top go-to guy for companies when they need security advice.
- @elevenpaths Software engineer, hacking expert and former Yahoo! Search architect Jose Palazon - he's the lead engineer at security outfit Eleven Paths.
- @drdavidjday Acclaimed cyber forensics expert Dr David Day is senior lecturer and consultant in information security and digital forensics at Sheffield Hallam University and he consulted on the high-profile LulzSec case.