The message was simple, companies should expect to be attacked, according to Telstra chief information officer, Mike Burgess, who delivered his company's view of the cyber security landscape at the 2015 Check Point Cyber Security Symposium.
The threat, according to Burgess, is both an internal and external thing.
On the external side the threat consists of individuals motivated by fame and fortune; issue motivated groups looking to protest and make a point online by engaging in hactivism to steal data or embarrass organisations or governments; organised crime gangs looking to make serious money; and nation states looking to gain a tactical or strategic advantage.
The insider threat, said Burgess, is not simply the morally corrupt individual seeking personal gain by stealing data, it goes far beyond that and is far more simple and pernicious than many realise.
Burgess said it was imperative to give regard to well-intended individuals inside an organisation or its supply chain, that do their jobs well and with care, but make mistakes or take inadvertent action that puts data at risk.
The Telstra CIO stressed nothing was really new in this. He made the point that the issue is significant because in an age of connectivity and continuous uptake of technology, crime, protest, espionage and even mistakes come at a scale, pace and reach that is unprecedented.
"It's what makes cyber security a matter of global importance and makes it a significant issue we have to deal with," he said.
"I hear many people talk about cybercrime, cyber espionage and hactivism. Cybercrime is just a crime, cyber espionage is just espionage and hactivism is just a form of protest.
"But again, because of technology and connectivity, these things can happen at a pace, scale and reach that is unprecedented. The impact can also happen at a pace, scale and reach that is unprecedented."
Burgess sited the US health provider, Anthem, breach and the loss of 80 million customer records as an example of this new cyber security paradigm.
"Today, it is a reasonably foreseeable event that someone will attempt to hack an organisation or a network to steal information," he said.
"Today, it is also a reasonably foreseeable event that someone will hack an organisation to disrupt that organisation. This is a reality we must deal with."
Burgess outlined two important things he felt distracted from dealing with the risk of cybercrime and manage this challenge effectively.
"One of the distraction points I want to talk about is attribution distraction," he said.
"Don't get me wrong. I am not saying attribution is not important> I'm not saying you shouldn't source great technical intelligence and other forms of intelligence to understand the threat and intentions of those looking to steal information or disrupt an organisation. That is incredibly important.
Sign up for Computerworld eNewsletters.