The world has breached the very limit of the Internet Protocol version 4 address, AKA IPv4. This addressing scheme enables around 4.3 billion distinct devices to be connected to the Internet at the same time. However, as mentioned by the father of the Internet, Vint Cerf, IPv4 was not designed as a ‘production’ protocol but was just an experiment that went public. The reach of the newer protocol, IPV6 is more than enough for decades and even centuries to come. It can accommodate our desire to expand the network of networks by expanding the use of the smartphone, tablet and IoT devices; they will have their own IP address without causing any supply issue in the future.
The real problem in the nutshell is this unprecedented expansion opens more opportunities for cybercriminals. Their target is proportional to expand as well, as not all networks and computers are set up with security in mind. Ponemon Institute has initiated a study, and according to its results an average cost of a typical data breach is $6.75 million, with $200 is the average cost of every compromised data.
The damage, of course, escalates the more popular and influential the brand is. The brand reputation damage alone for ‘Nobody Brand X’ is nothing compared to the huge damage against ‘Popular Brand Y’, and the more popular the brand, the more expensive the recovery cost.
Targeted attacks are becoming common, as it is at the tail-end of an espionage. Threat actors monitor the targeted systems for quite a while, looking for weaknesses, the longer the patches are not applied, the bigger the possibility of becoming the next victim.
Identity theft, the fraudulent use of another person’s personal information, usually for economic gain, is another potential consequence of inadequate security controls. This type of fraud generally involves the misuse of existing credit card, checking, savings, and phone accounts, or the misuse of personal information for various uses. Using a technique known as social engineering, users themselves are unsuspectingly surrendering their personally identifiable information to an unknown third party.
Beyond the direct cost of damages to businesses, poor information security can lead to a decline of consumer confidence to online e-commerce transactions and lost customers both for short and long terms. Inadequate enforcement of privacy and security protections has frequently been cited in calls for more rights that provide meaningful sanctions and redress. Security breaches will continue to occur until businesses find that the costs from inadequate security measures outweigh the investments needed to implement a comprehensive information security plan.
The sure way to lessen the chances of becoming a victim of a cyber attack, penetration testing. Companies need to change its culture, through a change of mindset of its leaders, including its board-of-directors. Penetration testing is performed by professional ethical hackers, and it is not a huge cost for a company in the long run. It should be considered as an “investment” in order not to get hacked in the future, or at the very least the chances of becoming the next victim are orders of magnitude minimized.