Computerworld

Kiwi firms wake up to prolific security threats following Sony breach

Prolific cyber attacks against Sony capped off one of the biggest years on record for cyber security, as Kiwi organisations recognise the need to protect against data breaches in 2015.

Prolific cyber attacks against Sony capped off one of the biggest years on record for cyber security, as organisations in New Zealand begin to recognise the need to protect against data breaches in 2015.

According to the Trend Micro annual security roundup, approximately 100 terabytes of data were compromised and up to US$100 million in damages were inflicted during this headline-grabbing incident as businesses across the country begin to sit up and take note of cyber attacks.

The year’s happenings reinforced that cyber criminals are relentless with ever-increasing levels of sophistication and tenacity.

“The average data breach costs Australian and New Zealand organisations millions of dollars, as well the long term impact on shareholder value and brand image,” says Zak Khan, director of custom cyber defence, Trend Micro A/NZ.

“In Australia and New Zealand Trend Micro has already seen an eightfold increase in enquiries in 2015 after analysts forecasted another big year for data breaches.

“With so many high profile attacks in 2014, organisations are beginning to recognise that prevention is cheaper than a cure.”

All in all, Khan says it’s a combination of identifying what’s most important, deploying the right technologies, and educating users.

“It is everybody’s job–not just those of IT professionals–to ensure that the company’s core data stays safe,” he adds.

Additional findings include confirmation of Trend Micro’s late 2013 prediction that one sizeable data breach would occur every month—further solidifying the need for organisations to protect their networks and implement intrusion detection.

“The past year was unprecedented in terms of the size and scope of cyber attacks as evidenced by the Sony situation,” Khan adds.

“Unfortunately, this will most likely be a ‘sneak peek’ of what is to come. Attackers are both tenacious and persistent in stealing data and intellectual property.”

To effectively deal with this reality, Khan says organisations in New Zealand need the ability to detect unexpected and unseen attacks and indications of attacker behaviour across all nooks and crevices of their networks.

Further report highlights include:

• No threat is too small. It did not take a sophisticated piece of malware to cripple a target. Attackers are using a simple wiper to breach company’s defences with devastating effects

• PoS RAM scrapers came close to becoming a mainstream threat in 2014, as several high-profile targets lost millions of customer data to attackers month after month

• New attacks showed that no application was invulnerable in 2014 as attackers branched out into new territory

• Online and mobile banking faced bigger security challenges and are proving that two-factor authentication was no longer enough to secure sensitive transactions

• Ransomware became a bigger and more sophisticated threat across regions and segments. And unlike older variants no longer just issue empty threats but actually encrypt files.