08 July 2021

By Sandro Bucchianeri, Chief Security Officer

In December 2013, Manchester United goalkeeper, David De Gea, famously equalled the Premier League record for saves in a single match (14). He helped Manchester United beat Arsenal 3-1 at the Emirates Stadium in London.

It was an astonishing performance from the Spaniard as he almost single-handedly kept Arsenal at bay, and the score line could have been very different but for his man-of-the-match display.

This brings to mind the significant challenges that Chief Security Officers (CSOs) worldwide face daily in constant attacks against the foundation stones – the goalposts in an organisation's football terminology.

As our world has become more digitalised, so too has the frequency and intensity of cyber-attacks and security breaches, with CSOs directly in the firing line and doing all they can to prevent such, ala De Gea.

The hard truth of the matter, though, is that data breaches and leaks are no longer the exception to the rule but an almost everyday occurrence.

The stats support this growing trend and make for difficult reading for anyone in the cybersecurity sector. Research published by AtlasVPN revealed that as many as 45% of businesses globally had a data breach in the 12 months, between September 2019 and September 2020.

The published figures are based on a survey conducted by Kaspersky and B2B International that involved interviewing 4,179 global businesses with between 50 and 4,999 employees. Companies that took part in the survey came from the financial services, government, manufacturing, IT and telecommunications, and retail and wholesale sectors.

The analysis revealed that, out of the 4,179 businesses, 45% had lost data to hackers over the year. IT and telecommunication companies saw breaches most often, with 53% of companies losing data to security breaches. This is of particular concern because IT and telecommunication businesses often hold sensitive customer information.

The retail and wholesale sectors also didn't fare very well, with 52% of businesses having experienced a data breach during the period under review. The consequences of a breach can frequently lead to brand damage and a breakdown in trust across the customer base.

Financial services were third on the list, with exactly half of the respondents reporting that their business lost sensitive data to cybercriminals. This is of particular concern given that customer accounts, monies are at stake, and breaches are likely to draw regulators' attention.

Those in the government sector are not immune as 46% had a data leak in the 12 months. According to AtlasVPN, "attacks aimed at the government are more often than not supported by foreign authorities, whose aim is to obtain political and military information".

Although manufacturing and industrial companies experienced data breaches least often, they still saw a significant amount, at 43%. These breaches are generally because a competitor hires a hacker to steal inside data to destroy competitive advantage.

Among the notable and high-profile breaches recorded during 2020, Microsoft reported that several servers used to store user analytics had been exposed on the internet without proper protection. It was further revealed this month that the software giant had also been targeted by hackers who homed in on Microsoft's business email software and reportedly compromised the integrity of tens of thousands of accounts.

In early 2020, the Defence Information Systems Agency (DISA), which handles IT for the White House, admitted to a data breach possibly affecting employee records; global hotel chain Marriott suffered a cyberattack which affected over five million hotel guests; and Whisper, the anonymous secret-sharing app saw millions of user-profiles and data exposed. Other corporates which saw data breaches of one form or another during 2020 included Nintendo, EasyJet, and South Africa's Postbank. In November last year, Manchester United said it was investigating a security incident affecting its internal systems.

External threats come in many forms and are directed at both organisations and clients or customers. I've written about this before, and there is no reason for any of us to let our guard down when it comes to external attacks.

But what about internal threats?

Far more discreet but also destructive is the threat that comes from within. According to ObserveIT's 2020 Cost of Insider Threats study, the latest research available, insider threat incidents increased by a massive 47% globally since 2018. The average annual cost to companies of insider threats has also rocketed, rising 31% to $11.45 million in only two years.

Closer to home, local companies, including Absa, have experienced insider threat incidents. Last year, we dealt decisively with an employee who shared data unlawfully. The employee was dismissed and faces criminal charges, as has been reported in the media.

Internal monitoring and control systems need to be continuously reviewed and revised, particularly as remote working becomes more mainstream and brings challenges in ensuring adequate security protocols are place across the business's entire operation.

Vigilance remains everyone’s responsibility – from businesses which keep data, to customers who must monitor their transactions and bank statements closely, and who should never share their pins and passwords.

The role of CSOs – and indeed, the broader leadership of organisations – is continually expanding to incorporate a deeper understanding of the human psyche and human element. The COVID-19 pandemic has placed intolerable stresses on individuals and households, and this can easily default into erratic, negligent, and even criminally deviant behaviour.

Part of businesses' growing responsibilities from a security perspective will be to understand and assess employees and the benefits and risks they pose to the organisation. This is our new normal, and CSOs can begin the step-up security by implementing the following basic rules:

  • Constantly educate and update your teams about what constitutes potential threats
  • How to recognise, report and address suspicious behaviour
  • Purge dormant accounts
  • Implement robust authentication protocols
  • Strictly monitor third-party access
  • Sentiment analysis such as log-in times and lengths can help early detection of a threat

Our job is to make it harder for cybercriminals and those with malicious intent to compromise our defences and score goals. We have to be like David De Gea was on that December day in 2017 and stand tall and firm in the face of the barrage of attacks.