“Organisations and governments are completely overwhelmed by the sheer size and complexity of this problem,” says Max Pemberton, Managing Director of PSG Cyber Intelligence.
The cyber expert and former Special Forces team leader, who spent 20 years in the military, now specialises in training financial institutions, helping them to develop cyber strategies as well as hunting down those behind a crime that is on the same multi-billion dollar scale as the global illegal drugs trade.
With the Australian Cyber Security Centre reporting around 76,000 cyber events in the past year - up 13% on the previous financial year – that works out at an attack every seven minutes.
“It's made worse by our increased reliance on technology,” says Max, who is giving the FINSIA Podcast and InFinance an overview of the problem and a taster of the day-long, six module workshop.
By 2030, the number of internet-connected devices is expected to reach 30 billion, which is a 300% increase on the amount of devices in 2020, he adds.
“You can expect that the threat is going to go up proportionally. We are expecting this threat to grow in complexity and severity before it gets better,” he adds.
Max pointed towards the Internet of Things boom – and everybody’s requirements to have household items like fridges and thermometers connected online – as one of the drivers of increased opportunities for criminals behind the breaches.
“This is what's presenting a significant risk across businesses in general and across private and public sector,” he said.
One sensational example of this happening, according to Max, was when a Crown Casino high rollers table was hacked through a fish tank that was connected to the net.
The hackers were scanning the internet and got into the network that way.
“That in my mind starts to give you an understanding of how bad this problem is and where it's going in the future.’
While a breach at a casino fish tank sounds like something out of a spy thriller, the very real cost to the Australian economy is around $42 billion per year, according to UNSW. Estimates of the cost to the global economy in 2025, put the figure at $10.5trillion.
Unsurprisingly, a shadowy mirror image of industry has evolved, Max explains.
“Groups like the REvil Group or the Conti Group are running full businesses to the tune of 300 staff with full IT teams, full HR teams, management teams, bonuses on their productivity rates. They're running it like a business.’
How can businesses tackle this ever-growing problem – especially considering the complexity of the issue?
One of the key ways, says Max, is taking a risk-based approach and speaking a universal language as a “100-page pen testing report is double Dutch to most people”.
It’s about executive teams and the C-suite having an understanding of why they should act and what they should do.
“Unfortunately, it's not a matter of if you get breached, it's when. How do we minimize that so we can automatically kick the threat actors out of the network before they do damage?”
Find out more by downloading the FINSIA Podcast here Facing a cyber breach is not a matter of IF, but WHEN | FINSIA podcasts (podbean.com)