Albert Einstein once said, "I know not with what weapons World War III will be fought, but World War IV will be fought with sticks and stones."
Ever a man ahead of his time, were he alive today it’s likely the only thing he would change about his statement would be how World War III would be fought. He surely would point at the spate of cyber security threats and surmise the most dangerous weapon of the next world war to be an invisible terror delivered electronically. He would note that the threat could come from anywhere at any time, be delivered with complete stealth, hit at the most sensitive systems, cripple infrastructures, topple economies and create chaos, all before even a single soldier was wounded.
But this begs the question, "Has World War III already begun?"
Australian Defense Minister Stephen Smith told his country’s Defense Signals Directorate (DSD) last week that cyber security threats are coming from all over the globe via foreign and domestic sources. And these sources are as widespread in size as they are in geography, ranging in size from individuals, hacker groups, to organized crime syndicates to nation states.
As he said to the DSD:
"Australia is experiencing increasingly sophisticated attempts to infiltrate networks in both the public and private domain. The dangers come not just from nation states, but also from non-state actors."
Smith added that nobody is immune to these cyber security threats and that governments, corporations and individuals are all targets of cyber attacks and that, "More than 65 per cent of the intrusions observed by [Australia’s Cyber Security Operations Centre] were economically motivated."
For those perpetrating a cyber attack for economic purposes, the costs they impose upon their targets are significant and far reaching:
- Loss of business due to IT downtime
- Loss of clients who leave seeking "more secure" business access certification
- Lost productivity of non-IT staff while IT staff repairs the breach
- Labor costs associated with the IT staff’s reparations
- Legal costs associated with investigating the breach and prosecuting an attacker
- Legal costs to defend the company in suits brought by clients whose information was stolen
- Cost of reputation reparations paid to public relations and media relations consultants
- Increased costs of insurance premiums
- Cost of ensuring future risk management compliance
Obviously, organizations need to address their cyber security risks and defend themselves against cyber security threats by deploying audit controls that can undermine the bottom lines of organizations. Identity and access management, GRC software, and cyber security software are at the forefront of prevention. Just limiting identity and access governance to authorized users only and prohibiting unauthorized users from entering a network prevents many IT cyber security attacks from happening.
Get Your Free Top 10 Access Governance Best Practices Workbook
Learn the top 10 Access Governance Best Practices for successful implementations from experts. Sidestep the challenges that can derail GRC software and compliance management projects.