LandMark White's data breach just the beginning for cyber criminals
20 March 2019, Written by David Simmons
Though the dust is yet to settle and the full effects of the data breach suffered by LandMark White are yet to be revealed, it's safe to say one tiny error has led to a world of pain for the listed property valuer.
Whether it was the 10 days that LMW's data was sitting on the dark web free for anyone opportunistic enough to grab, or the unmonitored Twitter account and the ignored live chat messages that alerted the company well in advance, LMW holds partial responsibility for the mishap.
This is something LMW has accepted and is hoping to fix, but the incident itself may be a harbinger of what could become more and more commonplace for businesses around the world.
The 2019 Official Annual Cybercrime Report from Cybersecurity Ventures paints a dire picture not just for the future of businesses, but for humanity more broadly.
Cybersecurity Ventures predicts cybercrime will cost the world in excess of US$6 trillion annually by 2021, up from US$3 trillion in 2015.
If that number doesn't sound shocking enough, consider how it could soon become the greatest transfer of economic wealth in history according to Cybersecurity Ventures, and would be more profitable than the global trade of all major illegal drugs combined.
The $6 trillion would comprise costs relating to the damage and destruction of data, stolen money, lost productivity, the theft of intellectual property as well as personal and financial data, embezzlement, fraud, post-attack disruptions, forensic investigation, the restoration and deletion of hacked data and systems, and reputational harm.
LandMark White must be all too familiar with the hefty cost of a data violation.
In the time before the company suspended its shares its share price dived by $0.10 per share, equating to around $8.153 million being wiped off its market capitalisation that's close to a quarter of the company's value.
Looking at the group's revenue at the end of the last financial year, the group brought in $42.5 million. Assuming the company has not received any revenue during the month between the announcement that it temporarily lost major clients (Commonwealth Bank is one that has since come back on board), on a monthly average basis that's a hit to the group's revenue of $3.5 million over the last month.
Though not on the scale as some historic data breaches like the Yahoo hack (which affected around three billion user accounts), the Marriott hack in 2018 (which exposed 500 million user accounts), and the Equifax breach in 2017 (which hit 145.5 million customers), the LMW breach is now part of a long legacy of cybercrimes worldwide.
Demonstrating the immediacy of the problem and how even the biggest companies are at risk was the recent data breach of Kathmandu. Though the extent of the problem is still yet to be revealed there is the potential of serious implications for the outdoor goods retailer.
Because of the scope of vulnerabilities faces by a business in 2019, Kane Sajdak, co-founder of BITS Technology Group, stresses it is important to be prepared for anything.
"The best way to protect their data really depends on what kind of data they are looking to secure is it a back-end database? It is some private intellectual property and processes that need to be kept from a competitors' prying eyes? Or is it a complete list of medical records for every patient a business has seen?", says Sajdak.
"In the first instance, engaging a cyber security company to assess the exact requirements is a must because when it comes to cyber security, you don't know what you don't know."
But even if you manage to get a cyber security expert in post-breach it might be too little too late according to Sajdak.
"Usually, if you're aware you've been attacked it's too late," says Sajdak.
"When it comes to cyber security, prevention is infinitely better than trying to fix holes after they've been exploited. With that being said, the first thing would be to engage a trusted IT Firm or cyber security consultant to assess what the damage or data breach possibility is and formulate a recovery plan."
Kane Sajdak (pictured right) and Bernard Mangelsdorf (pictured left) from BITS Technology Group
The fallout from a data breach can destroy a business too, especially when it comes to letting clients know.
"If there is the potential of personally identifiable, medical or financial data being exposed as per the Notifiable Data Breach Scheme that came into effect 12 months ago, you may need to publicly disclose the breach to both the Australian Government, and your client base. It's basically commercial suicide."
Not only will there be more people online by 2020 (estimates say 75 per cent of the world's population will be connected), but Microsoft has estimated that by 2020 data volumes online will be 50 times greater than they were in 2016. This is a lot more data to be exploited, and a lot more people looking to exploit it.
The dark web is increasingly becoming an uncontrollable problem too, as evidenced in the LMW situation.
The dark web (or the deep web) is not indexed or accessible by traditional search engines and is estimated to be around 5,000 times larger than the regular web and is growing at an extremely fast rate.
With the rate of cyber-attacks set to grow over the next few years, the human labour required to stem the flow of information is simply impossible to deploy. However, there will be a serious need for cybercrime specialists, with Cybersecurity Ventures estimating there will be 3.5 million unfilled cybersecurity positions by 2021.
Scared yet? It's not all doom and gloom technology is poised to dramatically improve our lives in unimaginable ways; just make sure you lock it down with a solid cyber security plan in mind.
Author: David Simmons