
Invoice fraud and how to detect it

Invoice fraud is considered a low-risk crime by fraudsters and is increasing at alarming levels because it is difficult to trace. Difficult, but not impossible!

What is invoice fraud, you may be wondering? It is what happens when a genuine invoice is altered so that a customer pays for goods or services, but into the wrong account. It is done by duping the customer (the victim) into changing the bank details on their system, sometimes via telephonic instructions but mostly via email. The customer then thinks they have settled their invoice, though they have in fact paid it into the fraudster's account. In just two weeks my company saw two incidents of invoice fraud with my clients. Here's my take on how to identify and avoid invoice fraud.

How it happens

Without insider assistance, this type of fraud is very difficult to perpetrate. This is another of the many examples of an "insider threat" which must be recognised and protected against. Invoice fraud is usually only noticed when the customer argues that they have already paid the invoice, even though payment has not been received by the service provider. Despite being innocently duped into doing this, the fact of the matter is that the business is still liable for not having adequate systems in place, augmented by user awareness programmes, aimed at preventing this from happening.


The Fireball makes you Wanna Cry

Another week, another global outbreak. Yet you still don't think you need real visibility? Really?

Are we really naïve enough to think that we are immune to being hit by these global threats?

Do we really think that everything is ok, even though millions around the world have been hit?

We really have become a special kind of stupid... Harsh? Maybe, but I hope this gets you to listen.

I speak to people every day who are overwhelmed by the growing threat landscape. They hear of these threats and see the dangers and have felt the pain of a cyber-attack in the last few weeks or months – yet nothing has changed in the environment. You then think that you won't be attacked again?

More discussion leads to more discussion. More talk about what needs to be done leads to nothing actually being done.

Updating a policy as a knee-jerk reaction is one thing, but not doing anything to monitor what is really happening renders your policy worth only the piece of paper it is written on.


Are you afraid of the dark (net)?

 

IT and business media are increasingly full of the threats posed by cybercrime. Based on my own extensive experience, the threat is not exaggerated.

Many of the threats are underpinned by something called the Dark Web, or Dark Net. This term refers to an overlay network that exists in parallel to the Internet, which can only be accessed using specific software, such as the Tor browser (a browser application used on the dark web), configurations or authorisation.

Dark nets are quite transient, appearing and disappearing at unexpected times. They contain a vibrant and thriving e-commerce sector in which participants trade in illegal goods and services. These markets offer goods like drugs, counterfeit money, stolen IDs, credit card details, and website and corporate access credentials.

Where do these thriving markets in this hidden cyber world get the goods they are selling in such quantities?

The answer is from you, or your network, often through a compromised device. Upon investigation, it is also clear that in almost every incident, the user and the people responsible for managing the computers and networks did not even know they had been compromised. In other words, they do not know to take post-facto remedial action.

An additional factor is that even a person with limited experience can quite easily access the tools and services needed to hack into sensitive data and credentials. In uncertain times, people look for new ways to make a little bit extra. These amateur hackers are compounding the already severe problem posed by criminal syndicates.


No cyber breaches in fantasy land

The only place where an investment to prevent cyber-attacks is unnecessary is in the land of make-believe

Recently revealed research results by Kaspersky Lab would certainly indicate that prevention is not an option but should rather be a strategic business objective when it comes to cyber breaches. Kaspersky notes that large business losses from cyberattacks are estimated to be $861,000 per security incident. The report, named Measuring the Financial Impact of IT Security on Businesses*, notes that small and medium businesses (SMBs) are paying $86,500 per incident. Significantly, the cost of recovery is estimated to be directly related to time of discovery. Small to medium businesses were found to pay 44% more to recover from an attack discovered a week or more after the initial breach, compared to attacks spotted within a day. Enterprise corporations are estimated to pay a 27% premium in the same circumstances.

Cybercrime is reported as the fastest growing industry worldwide and South African businesses lose around R2.2bn annually to cyber-attacks.

It seems incredible that in an age where cyber threats evolve as quickly as technology develops, thousands of businesses in this country rarely, if at all, re-evaluate their vulnerability to this growing global issue.


Snake oil or security solution?

Security initiatives often end up being ineffective because they are not focused on the right issues.

It has become abundantly clear in my conversations with IT managers, CIOs and other executives that there is a huge need to cut out the noise and the fluff, and direct security efforts in the right places.

As the wheel slowly turns and more companies place a higher priority on information security and protection against cyber threats, it is the responsibility of security professionals to manage this ongoing task. If security is to be sustainable and effective, businesses must understand it is an evolving undertaking that requires continuous attention from skilled specialists.

Companies today are definitely putting a spotlight on security – it is now the big buzzword in IT. Due to this, there is a plethora of new companies and solutions making a lot of noise in the marketplace. With all the flash, pomp and ceremony companies are being bombarded with, they need to ensure they are not just being sold a shiny bottle of snake oil.
