No man is an island. This old saying has new meaning in the cyber world and with over one billion people connected on social media life has changed forever. But as we find new ways to connect, follow, engage, like and share, there is increasing risk that our personal information may be breached, hacked, stolen or defaced. And while we may be mortified to know someone has read our emails and is tracking us on social media, the risk to business and indeed, nations is great. Last year, one of my company websites was hacked in such a way the information (in the way I wanted to see it again) was irretrievable.
Externally, consider hacktivist organisation Anonymous. Since 2004, Anonymous has ironically become the ‘face’ of cyber-crime, hitting a host of corporate brands with denial-of-service attacks (DDoS). So far, Anonymous has been responsible for taking down the websites of the CIA, Visa and MasterCard and for leaking information from Sony, Bank of America and Nintendo. While the attacks are brief, they are costly. According to Neustar, 51% of IT professionals say the impact of DDoS attacks on customer experience and brand is their greatest concern. Those who have been hit by a DDoS calculate the cost of website outate to be more than US$100,000 per hour – $2 million a day. And, the risk of an attack is getting higher. Today, there is a one in three chance of a DDoS attack.
But there is more. Because now our data is up for grabs. In 2011, computer hackers successfully stole the names and addresses of millions of US customers in an attack on marketing email provider Epsilon. The security breach forced Epsilon clients including JPMorgan, Citigroup, Disney Destinations and Capital One to tell customers that their email addresses may have been stolen. Not a message likely to build band conference. Moreover, these cyber-attacks do not simply hurt corporate interest, they put us as individuals in the firing line. Most data breaches are used to commit credit card fraud and for identity theft.
So it doesn’t just happen in the movies. In 2010, 90% of US companies had been hacked according to a survey by Ponemeon Research Institute and Juniper Networks. More worrying still is that the majority of companies do not fully disclose the extent of the security breach. Although new guidance forms outline how and when publicly traded companies should report hacking incidents, a Reuters report found that major companies still do not disclose the incidents in their filings.
But surely, that just happens in the US! Wrong again. Billabong, the Australian Institute of Business Brokers and web host Distribute.IT are just a few of the companies that have been exposed to hacks in recent years. Small Australian businesses have also been compromised. Last year, the Australian Federal Police (AFP) confirmed that breaches of individual computer systems compromised approximately 500,000 credit cards and resulted on over $25 million in fraudulent transactions.
Cyber-attacks are a real and escalating danger with potentially explosive social, political and economic fallout. Take for instance the hacking of the official Twitter account of Associated Press. Early this year, the Syrian Electronic Army (SEA) breached the news outlet’s account and tweeted that President Obama had been injured in a bomb attack on the White House. With over 2.5 million followers, the news caused widespread panic with the Dow Jones Index briefly dipping by US$136 billion. Although the tweet was soon exposed as fraudulent, the incident was a timely reminder of the world’s vulnerability to cyber-attacks.
It was also a reminder that cyber-attacks are not just pranks. They involve more than embarrassing leaks of George Bush’s self-portraits in the bathroom or Colin Powell’s suspiciously amorous emails to a Romanian diplomat. They involve multinational corporations, mega databases, governments and our personal information. As we welcome in a new era of cloud technology and more information goes online, the outlook for our cyber security becomes increasingly stormy. Prepare for heavy rain.