A new report from Pricewaterhousecoopers (PwC) has said that cyber breaches are costing organisations $7.6 billion each year, and that figure is increasing as more and more organisations turn to remote and flexible working arrangements.
The report says that cyber breaches launched against organisations came at a price of $7.6 billion in the last financial year, and this figure is expected to rise as cyber criminals continue to increase their cyber attacks against vulnerable organisations without an information security management system in place.
The figures came from PwC’s latest Digital Trust Insights 2021 Report – The Need for Cyber Resilience – which you can access here, and took responses from 3,249 businesses around the world.
Nicola Nicol, a partner with PricewaterhouseCoopers has said that “the attackers have taken advantage of the situation,” adding that “attackers have started to look to take advantage of employees who are working from home and perhaps not thinking about security in the same way they would do in an office environment.”
“We are seeing an expectation that attacks will continue to increase,” Nicol said.
In reference to the $7.6 billion price tag for organisations and the wider economy in the wake of rising data breaches, Ms Nicol said “that’s a significant number and really a lot of those costs need to be passed onto the consumers through increases in the price of products or services.”
“International industry research actually shows that more than half of malicious attackers are financially motivated,” – Dr Suelette Dreyfus
While stay-at-home orders were no doubt effective for curbing the spread of the COVID-19 pandemic, they were also disastrous in the context of cyber risks for organisations and presenting cyber criminals a new avenue to direct their attacks and cyber breaches.
The report noted a 65% jump in the number of data breaches and cyber security incidents being reported between the months of April and June, where the majority of Australian workforces had moved to remote working practices.
Other headlines in the report is the fact that “over 50% of companies lack confidence in their organisation’s current cyber budget and processes.”
Authors of the report noted a clear trend toward cyber security and investments in something like an ISO 27001 Information Security Management System after 50% of respondents said they were increasing their cyber budget, and another 50% responding that cyber security and privacy considerations will be “baked into” every business decision made.
The report states that organisations that have made significant investments in their information security systems were responding positively, with 17% of business and IT leaders already realising the benefits from better quantification of cyber risk.
A report from the ABC’s Daniel Ziffer says that “an astonishing number of employees moved quickly this year from working on computers linked to secure servers, inside buildings protected by pass cards and gates, to performing vital business roles from their kitchens and bedrooms.”
Senior lecturer of Computing and Information Systems at the University of Melbourne, Dr Suelette Dreyfus, has said that this shift has presented cyber criminals with an unprecedented opportunity to launch cyber attacks at unwitting organisations.
“You’ve got IT departments in big organisations [who] used to have a thousand people in a downtown office… now they’ve got a thousand people they’ve got to manage at kitchen tables from Wagga to Wonthaggi.”
Dr Dreyfus says that there are clear dangers in the number of remote workers accessing corporate information via personal devices and unsecured routers which often proves problematic for organisations.
“You have problems with people using their wifi from home, maybe they haven’t updated the firmware on their wifi devices for five years – that’s a security risk,” she says. “International industry research actually shows that more than half of malicious attackers are financially motivated… these are professional criminals,” she said.
We’ve reported previously on the dangers of employees accessing personal and corporate information on their own devices, with nearly 40% of respondents saying they were guilty of accessing corporate data on their personal devices.
Dr Dreyfus offered up five key steps to ensure you remain protected while working remotely and keeping both your corporate and personal information safe from prying eyes.
- Implementing Full Disc Encryption (FDE)
- Always having a passcode on your computer, smartphone and internet router
- Using two-factor authentication on logins for sensitive information
- Utilising a password manager system
- Updating software regularly to ensure you’re operating with the latest security updates.