Welcome to 2016 and happy new year. Now here is the bad news.
In a presentation by the CEO of Microsoft, Satya Nadella, the following numbers were shared to illustrate that 2015 was a bad year for cybercrime:
– 160 million customer records compromised
– 229 days on average between infiltration and detection
– $3 trillion of market value destroyed
The lost productivity and lost growth caused by cybercrime led to the $3 trillion estimate.
If you care to view the 49-minute presentation you can find it here.
Since the dawn of communication technology there have been interference and fraud, so it is not a new phenomenon. However, like the speed of transactions, the speed of fraud has increased exponentially.
– Mail gave us mail fraud
– Telegrams gave us wire fraud
– Internet gave us cybercrime
From our IT services viewpoint we have never seen as many breaches as we did last year and have never lost so much of our time to cleaning them up and recovering lost data. We also saw more irretrievable destruction of data than ever before and also saw more lost productivity amongst our clients than in any year previously. If this increases in 2016 it will force us to hire additional staff to deal with the workload and to increase prices charged to cover the cost of recovery.
We are already considering putting exclusions on this in our services contracts as a result.
IT is now involved in every part of our lives from amusement to education to transportation to work and beyond. Trust is central to this. Faith and hope do not have a place in defence against cybercrime, as attacks are automated and thorough. Effort to build trusted, robust and up-to-date systems is the key to safety.
Satya spoke of the Microsoft approach to security, starting with the Microsoft mission, “To empower every person on the planet to achieve more”, and going on to talk about the importance of being able to trust digital technology.
In light of that Microsoft is working with the following four pillars in mind to protect us:
– Privacy: to ensure your data is private and under your control
– Compliance: to manage your data in accordance with the law of the land
– Transparency: Microsoft will be transparent about the collection and use of your data
– Security: all your data will be secure
IT has moved from an environment that we control to an extended global network. Clearly IT security has not kept up with the changing nature of how business is done.
There are many solutions out there but the adoption rate of the cloud environments is well ahead of the adoption of the security solutions.
Yet, the frustration is that most of the breaches are related to the lack of patching and the lack of strong credentials. Hence the claim that it is complacency that has driven the $3 trillion cost.
More effort on managing passwords and on keeping systems patched and managed would significantly reduce this loss. Microsoft is not blaming people for the complacency, because getting it right is complex and, for some, beyond their capabilities. Instead Microsoft is working hard to build systems that are simpler for owners to manage and stay on top of.
For example, Windows 10 will allow us to use biometrics, such as Windows Hello facial recognition, to log in to the device. This login offers better security than passwords and is then integrated for use with thousands of cloud SaaS solutions for single sign-on.
This means that with a quick look into the lens your device will open and securely connect you to most of your web portals for social media, financial management and so forth. No more hiding away a PIN or password and no more keeping an encrypted key file just to keep track of how you access everything.
Also, Device Guard on Windows 10 will work to stop hackers from running malware on the local machine through some smart virtualisation layers that are beyond the scope of this blog. The point is that keeping secure needs to shift from individual responsibility to machine-managed security with a simple human interface. In 2016 we just may see this begin to happen.
Windows 10 is generally getting a good rap, and it is now time to start planning and testing for company migrations to the new platform, which offers better security features than its predecessors.
My hope is that before the free upgrade path from Windows 7 Service Pack 1 and Windows 8.1 expires on July 29, 2016 there will be good reasons to upgrade. With just over six months left to plan, test, build and roll out, it is certainly time now to start planning.
In the meantime please consider patching all of your devices to the latest patch versions and getting off end-of-life products such as Windows XP and Server 2003. The cost to your organisation when they are hit by cyber attacks will be high, higher than the cost of migration to better platforms.
With an average infiltration detection time of 229 days, as mentioned above, you may already have been hit and just don’t know it yet.
David Markus is the founder of Combo – the IT services company that is known for business IT that makes sense. How can we help?