After reading a few articles I came across some interesting data freely available in cyberspace. It came to my attention that the public perception of cyber security is somewhat skewed. The larger companies are not disclosing their most serious security breaches. We all know that many people tend to shop online. This is because of larger discounts and organisations that prefer to sell online (many of which do not have to handle their product). Many of us work online as demand for more flexible working hours continues. Many people play games online using the plethora of technological devices developed for our pleasure. Our lives are becoming more and more dependent on online data and digital services. All of the above form what is commonly known as The Internet of Things.
However, although this sounds totally fascinating and difficult not to use, it does pose a serious threat. The threat is known as cyber security. Many larger companies suffer up to 1000 security breaches on an hourly basis according to published figures (BIS Cyber Security Breaches Survey, 2014). However, when we examine the media reports we only witness one or two major breaches. This is not a true reflection of the current cyber security threats market. According to published figures, over 70% of organisations do not publish major security breaches (CyberSecurity Watch survey, 2010). They do not involve the media or regulatory bodies, or inform law enforcement. One can only assume this behaviour is to cover up more serious data breaches. The security breaches currently published in the media have a negative impact on those organisations. So we can imagine that a company could potentially be shut down if we were informed of more serious data breaches. Should we just hold the organisations responsible or take some management of security ourselves?
All the responsibility cannot be placed on the organisations. I truly believe that we all have a responsibility for cyber security. We should all take the necessary steps to protect our data and that of others. This could be through implementing our own security measures (antivirus, strong passwords, different passwords for different services, firewalls, data backups, updated router BIOS, password-protected computer user accounts) or reporting the breaches we witness.
Cyber Security Number Crunching…
The concept of cyber security is definitely a topic that requires us to evaluate the validity of the information provided. This is a sensitive topic for many large corporate companies. The figures presented above were derived from the CyberSecurity Watch Survey of 2010. This research was carried out in the United States of America. A number of different organisations were involved, including the US Computer Emergency Response Team. According to this survey, the general public might not be fully aware of the full impact of undisclosed cyber security breaches:
‘the public may not be aware of the number of incidents because almost three-quarters (72%), on average, of the insider incidents are handled internally without legal action or the involvement of law enforcement.’
The estimate of 1000 potential cyber security breaches per hour presented above was derived from the BIS Cyber Security Breaches Survey produced in 2014. Start with the number of companies that reported cyber attacks in the hundreds or more per day. To be safe, we can assume a minimum attack rate of 100 per day (although this is still not a true reflection of the impact and scale). Using this minimum threshold, you can establish that there were 24156 attacks per day, spread across the total number of organisations taking part in the survey (1098). To find the average (estimated) number of attacks per hour, we divide this by 24. This suggests that the minimum number of cyber attacks suffered by the surveyed companies was above 1000 per hour.
This to me clearly states that we are not made fully aware of the true nature of major cyber security threats and potential breaches. Our current interpretation of the cyber security market is distorted by the organisations whose job (as well as our own) is to protect data security in the first place.
On a separate topic, I find it very interesting that Apple OS updates only show you the benefits of the update by default. You have to head to their website to find out the large number of security breaches they have closed for a particular update. Again, this skews the general public’s understanding of the market for cyber security threats and breaches.
CyberSecurity Watch survey (2010). Interesting Insider Threat Statistics. Accessed: 20-05-2016. Available at: https://insights.sei.cmu.edu/insider-threat/2010/10/interesting-insider-threat-statistics.html
Information Security Breaches Survey (2014). Information Security Breaches Survey. Accessed: 20-05-2016. Available at: http://www.pwc.co.uk/services/audit-assurance/insights/2014-information-security-breaches-survey.html