Published on the 29/10/2015 | Written by Beverley Head
When HP and the Ponemon Institute asked 28 Australian organisations about their experience with cybercrime, they discovered that the average cost of an attack was now $4.9 million…
In addition it cost more than $40,000 and took a month to resolve the problem.
Released this month these figures make clear the extent of the problem facing Australian businesses, but according to Roy Adar, senior vice president of product management at CyberArk, organisations remain focused on perimeter security measures, despite growing evidence that the perimeter is porous.
And, given Gartner’s prediction that next year $US2.5 million a minute will be spent on Internet of Things deployments, protecting the perimeter is going to get a whole lot harder.
“People believed in the past that the perimeter was the most important part of defence. Over the last five years we have proved that the perimeter is very porous.
“The issue is how to stop hackers from moving further inside,” said Adar.
CyberArk’s approach has been to focus on internal protection measures, essentially to protect privileged accounts – the administration accounts which hackers prize because they effectively act as the keys to the digital kingdom. It first locks down privileged accounts, controls and isolates privileged activity, and also monitors activity for suspect patterns.
Entry level pricing starts at around $30,000.
Adar, who was in Australia this week, said that part of the problem to date was that many organisations had hired security specialists, but into lowly positions without the clout needed to be heard higher up in the organisation. He said that as a result there was only a relatively low number of organisations which had properly protected privileged accounts.
CyberArk itself has around 1,900 customers worldwide, about 5 percent of which are in Australia and include three of the four major banks, Government departments and some utilities and resources companies. According to Adar that still leaves a lot of vulnerable businesses noting that “analysts suggest that less than 10,000 organisations have their privileged accounts protected,” although he acknowledged that some organisations may have deployed manual workarounds to try and protect themselves from attack.