30 May 2017

Fighting Fire With Fire – Equipping A Digital Army In A Cybersecurity War

By Eric Berdeaux

Cyber security is now a major industry, whose sheer size and growth is reflected in Statistics MRC data that showed the cybersecurity market is estimated to grow to $224.48 billion by 2022. There is so much data and information available on companies and individuals now, that there has never been as much risk and threat as there is currently.

The last few years especially have seen a number of high profile cyberattacks, where the ability, professionalism and organisation of hackers has far outweighed a company’s ability to defend itself. As well as being unable to defend against such attacks, many organisations also struggle to quantify the impact of such risks, leaving them more vulnerable than ever before. What are the reasons behind the on-going rise in cybercrime and what must organisations do to adequately defend themselves against attack in a cybersecurity war?

The rise of cybercrime

There can be little doubt that over the past decade, cybercrime has risen massively. In the UK alone in 2016, around £124million was stolen by hackers via the internet – a jump of 1,266% compared to 2015, according to the KPMG Fraud Barometer.

This rise can be attributed to three main reasons. First of all there is a new wave of criminal out there, that instead of physical crime, looks to exploit gaps in online and banking security. These hackers are highly organised and professional, and come with a skill-set that both the police and vulnerable organisations find hard to match or defend against.

The way technology has evolved is another contributory factor. The ways businesses and consumers communicate with eachother, manage their finances and spend time online, means there is a massive data trail that hackers can target and exploit. The internet of things – where everyday objects are connected to the internet – also increases vulnerability and is another chink in an organisation’s armour.

Thirdly, there is threat from a wider array of sources than ever before. Not only hackers, but insiders and a firm’s competition have all been known to attempt cybercrime. Often their aim goes beyond purely financial information and has widened to include the targeting of data and intellectual property, which can threaten the existence of a business if it was to be breached.

The inadequacy of many firms’ defences

It has become very clear over the past two years, that many firms simply do not have the tools, expertise or manpower to effectively defend themselves against cybercrime. In 2016 the UK Government published a guidance document – 10 Steps to Cyber Security – which sought to provide information on how to protect themselves in cyberspace.

But a PwC report in the same year revealed that one-third of companies have no plans in place to fend off online fraud. This is highly concerning. The cost of cybercrime goes way beyond whatever is actually taken by a hacker, and can include: the costs of investigating a cybercrime; criminal or civil cases that may be brought against the hacked company; fines for negligence; and the loss of reputation that come from being hacked, and of course the impact on a company’s bottom line that that may have.

Equipping your digital army

The truth is that no-one knows the true extent of cybercrime, and what we have become aware of could just be the tip of the iceberg. What is also true, is that prevention is far and away the best form of defence and this requires constant vigilance and a continuous defence.

With the rise of professional hackers, it means that companies have to become equally professional in how they manage risk and meet this growing cyber threat. An internal IT team is simply not enough. Their time is spread too thinly across many other areas of IT and they often lack the most up-to-date expertise to be able to defend against cybercrime – a digital army of hackers requires a digital army to defend against it.

This entails the involvement of highly trained and proficient third-parties, adept at warding off hackers and using digital tools to enable the real-time monitoring of threats, ensuring digital cyber security is a continuous and on-going process.

Cybercrime is a board-level issue, but not enough boards are treating it with the seriousness it requires. Many are only paying lip service to defending against cybercrime, and without the right defences, many more organisations may come under attacked, as we observed only recently with the WannaCry ransomware, which affected the NHS and infected 300,000 computers in around 150 different countries. It’s time for boards to face the reality of the threat of cybercrime, or they will face the most severe of consequences.

No comments: