When you leave the office tonight, turn off the alarm. Leave the front door open too. For good measure, head to a dodgy part of town and talk loudly in front of a group of disreputable-looking types about your disregard for security. Drop a juicy hint about the address of your building.

You wouldn’t do this in the physical world, but too many businesses think nothing of applying the same reckless behaviour online.

The costs of cybercrime

In 2014, software security firm McAfee estimated the cost of cybercrime globally to be about US$400 billion.

By a rough calculation, this figure was thought to account for 10–15 per cent of the worth of the annual online economy, a staggering surcharge to be paying for online activity.

The most recent Ponemon Institute report, ‘2015 Cost of Cyber Crime Study: Global’, found the mean annualised cost for 252 benchmarked organisations to be US$7.7 million per year, with a range from US$0.31 million to US$65 million.

Eugene Kaspersky of science and tech website Phys.org—one of the world’s leading IT security experts—estimates there to be about 300,000 unique attacks on computer devices each day. He also suggests that around 5% of computers running Microsoft Windows are already compromised.

Kaspersky said that beyond PCs, smartphones, and tablets, the next frontier for cybercriminals will be Internet of Things (IoT) devices and larger systems such as electrical grids, transport networks, and financial systems.

This broadening of targets for cybercriminals will potentially lead to even bigger financial and reputational losses for companies, as well as massive disruptions to commerce and society. In fact, Juniper Research, in its white paper ‘Cybercrime and the Internet of Threats’, predicts the cost to business of IoT-targeted attacks could be as much as $2 trillion by 2019.

Key threats

In his book released last year, Cyberphobia: Identity, Trust, Security and the Internet, author Edward Lucas ominously warned that “the gap between attackers’ prowess and defenders’ abilities has become bigger, not smaller.”

He said, “Our single weakest point is our electronic identities: the messy, unreliable, easy-to-forget mixture of logins, passwords, security questions, and other means we use to control and authenticate everything we do online.”

IT systems, both internal- and external-facing, are largely identity-based, requiring logins and passwords for access. This represents a massive challenge for companies, both for internal security and safety from external malicious attack, and for the responsibility companies have to their clients or customers in maintaining the privacy and integrity of stored data.
