Cybercrime Is Evolving, But Are You?
A week doesn’t pass without computer networks somewhere being attacked by cyber criminals. Is your organisation susceptible and if so, what can you do about it?
Earlier this year, Barclaycard conducted a poll of 500 SMEs and found that 44% were worried about being affected by cybercrime or a data breach whereas just 34% cited Brexit as a bigger concern. While UK SMEs spent £2.9bn on cybersecurity last year, this year the figure is estimated to reach £3.8bn. But is this a case of closing the barn door long after the horse has bolted?
Yes, and no. The nature of cybercrime, the dynamic of diligence vs creativity, necessitates that the attacker is constantly on the look out for weaknesses as yet unidentified by the victim. It’s cat and mouse, although in this case, the cat hunts in organised packs (for the most part in Eastern Europe) while the mice scurry around on their own.
Looking at the bigger picture, cracking down on cybercrime clearly requires a global concerted effort and that means information sharing. Only two weeks ago, Israeli police helped the UK charge a British student for supplying malware used in a string of high-profile cyber attacks. Co-operation at a national government level is vital but industry must also, to some extent, set aside competition for market share and actively engage with competitors in order to spot dangers long before they get in range. In a joint white paper produced by BT and KPMG, it found that businesses fall prey to cyberattacks because many are in denial, believing that cyberattacks aren’t an issue for them. If you’re a small- to medium-sized business, you are especially susceptible and should not take the threat lightly. Even industries as far removed from the tech world as farming are now realising that they are at risk and in some cases are not even covered by traditional insurance policies.
The fundamental measures
Every firm first needs to understand the risks, the types of threat, and embed a culture within the company that ensures all employees understand the dangers and know how to avoid them. This could be the relatively simple implementation of training schemes to ensure that staff develop a critical attitude to anything that looks remotely suspicious. This can’t be a one-time seminar with a security firm, but rather a long-term commitment.
Secondly, and it sounds obvious, but IT leaders must have diligent processes in place to avoid running out of date software. This is critical, especially when an organisation uses temporary staff or staff who are often on the road.
Thirdly, data encryption is critical. Hackers can use even the most seemingly innocuous personal information to their benefit, but encryption of company-wide data is fast, simple and very effective. That said, employees still need to be diligent because encryption only tends to work when a login is not in use so a formal company-wide policy of auto-logouts. Remember, when it comes to cyber security, a company’s employees are the weakest link, which makes having a company-wide internet policy a rudimentary step. Another forgotten measure is actually securing the hardware itself. Security breaches often start from stolen computers.
So how do you know if your company is at risk?
If you’re looking for answers from the board, you may not get them: Aerospace behemoth BAE Systems found that there is currently a huge disconnect between IT heads and C-suite bosses, both of whom expect one another to take responsibility for information security breaches. Fifty per cent of IT heads would point fingers at senior executives and vice versa. Data also shows that 71% of more than 200 Fortune 500 business leaders believe that cyber security is the most significant challenge their business faces. If you’re looking around at the senior faces of your organisation and can’t put a finger on who has ownership of security, then something needs to be done about it.
Often, different companies will apportion the responsibility on different senior executives. CSOs with a tech background are a natural choice, but a CTO or even CIO might be the more fitting selection depending on experience. Whatever the acronym, a dedicated senior executive needs to be on top of the ever-changing threat of cyber crime. Here at ORESA, we work very closely with some of the very best people in the security space (see this interview with Stuart Jubb, director at Crossword Cybersecurity).
To ensure that your company’s cyber-security is in the hands of the best personnel, contact us confidentially at +44 (0) 203 675 1459 or email Orlando Martins at firstname.lastname@example.org. The nature and sophistication of cybercrime is constantly evolving and your business needs talented individuals to evolve with it.