Cyber Crime: The Blind Spots
Non-stop innovation is making it increasingly difficult to keep up-to-date on cyber threats, and with banks, airports and most businesses being attractive targets, organisations need to rethink their security approach. From hardware to software, companies are focused on staying secure and resilient against cybercrime.
Cyber risk is constantly evolving, comprising of intangible data which presents a challenge for many corporations. Organisations need to become cyber resilient by placing the emphasis on the importance of business continuity and the need to return to normal operations as soon as possible after an incident has occurred. Trust is destroyed in moments, impacting brand reputation, lost customer loyalty and incurring high costs in the process to win business back.
“An attack could destroy a business overnight, and it’s increasingly clear that knowledge is power when it comes to cyber-attacks.”
Cyber security was traditionally seen as the sole responsibility of the IT department, but IT security has now become a remit for all employees, and CEOs who delegate the task of organising a cyber security strategy without any personal involvement, do so at their peril. Education plays a key role in giving all employees a level of understanding around threats, but it’s also about leading by example. Fortunately, the majority of boards are starting to get more involved, taking a more sophisticated and holistic approach to how cyber is handled in-house.
This is good news because as cyber criminals and their methods become more refined, and as the threat landscape changes due to advances in technology, the power and impact of cybercrime has gained momentum. The WEF Risks Report surveyed a 1,000 decision makers and found that cyber security was the third most likely risk, with data fraud or theft sitting at number four. Each year the Global Risks Report pinpoints and investigates the most persistent risks that companies face, and in the Global Risks Report 2018 cybersecurity featured heavily, presenting a challenging environment for businesses.
The ever increasing use of tech offers many opportunities, including faster, more immediate connections, increased efficiency and improved collaboration and teamwork, but it also opens businesses up to increased risk, additional inaccuracies and undetected exposure. For example, the number of interconnected devices will increase from 8.4 billion today to 20 billion in 2020, highlighting the sheer scale of the opportunity and/or problem businesses will face. IT is garnering an increased role in business decisions with the implementation of cloud computing, data centres, and enterprise mobility, so cyber security needs to be allocated more prominence throughout the entire enterprise.
“Businesses may protect their removable devices, but as little as one infected USB will affect the entire IT network.”
An attack could destroy a business overnight, and it’s increasingly clear that knowledge is power when it comes to cyber-attacks. An eavesdropping breach, for example, is a network security attack where a cyber-criminal steals information that smartphones, computers and other digital devices send or receive. This hack exploits unsecured network transmissions to access the data being transmitted. Eavesdropping is difficult to detect since it doesn’t cause abnormal data transmissions. Many businesses are beefing up their cyber resilience, and Geneva Airport, surrounded by large international organisations including IATA, is tackling electronic eavesdropping and disruption to mobile networks by working with Telecom Liechtenstein.
Businesses may protect their removable devices, but as little as one infected USB will affect the entire IT network. Firms need to be 100% secure and understand that there is no room for error when it comes to security. They can do this by instilling best practice:
- Educate employees on cybersecurity policies for remote work and business travel
- Increase awareness of suspicious activity
- Educate all staff by using resources like the Information Security Forum
- Keep updates on new tools and technology to fight cybercrime
- Avoid pop-ups, unknown emails, and links
Data protection laws in Europe evolved substantially in 2018, with the implementation of the General Data Protection Regulation (GDPR) and the Directive on Security of Network and Information Systems (NIS Directive). The introduction of the GDPR has made UK businesses more resilient to cyber risk, and the emphasis will shift from theory to practice, as application now gives way to enforcement.
The GDPR has already ‘contributed to a greater level of board engagement in cybersecurity issues’ among FTSE 350 companies, according to the government’s Cyber Governance Health Check. The NIS regulations provide the authorities with power to ensure organisations address any compliance failings, and they can issue significant financial penalties to organisations that fail to do so. In the UK there is no single competent authority – instead, a number of government ministers, departments and regulators such as Ofcom and the Information Commissioner’s Office (ICO) are tasked with overseeing compliance across the various sectors in which the rules apply.
In this Internet-driven era, DDoS, data breaches, malware and ransomware have become increasingly common terms, and even some of the big names such as Adobe, Sony and Facebook have fallen prey to notorious cyber-attacks. Digital innovation will continue to impact business, but understanding both the threats and the opportunities it brings with it will help combat cybercrime.