Education on cyber-crime risks key in tackling rising complexity of cyber security
CYBER crime is big business - the cost has been calculated globally at US$114 billion a year - and has been identified as a major world threat.
It also has a disproportionately large effect on technologically-sophisticated nations like Singapore, where it has been estimated that as many as 70 per cent of the people will be victims of cyber crime of one sort or another in their lifetime. What's more, it's not simply unsuspecting consumers who are targeted. Last December, 17 government websites had their data compromised.
The problem is now only increasing. Indeed, a recent report by Carbon Black revealed that some 96 per cent of 250 local organisations surveyed have suffered a cyber security breach in the last 12 months, with attackers using increasingly sophisticated tactics. While the same report also reveals that most firms have cyber security measures in place, it is clear that businesses need a smarter approach to gear up against complex cyber crimes.
NEW TECH, NEW THREATS
With more employees using mobile devices and social networks at work, the opportunities for cyber criminals have only grown. At the same time, many users are not as security-conscious with these devices as they might be with their computers. As people have more devices, it seems they are becoming less focused on security; a survey by Norton Cybercrime found 41 per cent of users in Singapore did not use complex passwords or change their password frequently.
This has profound implications for businesses, which are becoming wireless alongside consumers. Not only do many businesses use social networking tools, but developments such as cloud computing and Bring Your Own Device (BYOD) mean they are more vulnerable than ever. All this sits alongside "traditional" attacks on infrastructure, meaning that cyber criminals now have a wide range of methods to damage a company.
Businesses should consider cyber risks in all their activities as there are various motivations for cyber crime. Apart from the lucrative financial fraud, data theft is also attractive to criminals, and this is not necessarily limited to commercially sensitive data or intellectual property. Departments like human resources and legal affairs, which are typically viewed as low risk, hold highly confidential data that can be disastrous if it falls into the wrong hands. It is thus crucial that cyber risk is not pigeonholed as an IT matter or limited to a few departments.
How can businesses protect themselves against cyber criminals?
Firstly, it is vital that those at the top are aware of and sensitive to cyber crime and best practices. As technology is constantly shifting, it can be that more senior and experienced employees are not completely up to speed with the latest developments. However, they are also the most likely targets for criminals. As the tone in companies is set from the top, having cyber-savvy leadership should translate into a cyber risk-aware culture throughout the organisation.
Secondly, cyber skills should be prioritised, and regular training made available for all employees. It is critical that they have access to the knowledge and processes that enable them to protect the company at all levels, given the increase in frequency of cyber attacks across departments.
Thirdly, regular re-assessment of potential threats is needed. Unfortunately, the nature of technology means that threats are constantly changing, and the ways in which a company can be attacked change by the week.
PLAN FOR THE WORST
The above are all good preventive measures, but organisations also need to ensure plans are in place in the event of a cyber attack. This means clear and transparent policies and steps to take when a cyber attack happens or when a crime is suspected. Many businesses have good response plans in place to ensure business continuity in the face of other disasters; cyber crimes should be given the same priority. Accepting that their security will be compromised can result in a different mindset, one that will help to broaden cyber security activities beyond prevention to include intelligence, detection and response.
Finally, companies will contribute greatly to fighting against cyber crime if they are prepared to share knowledge internally and with peers. Increasing information sharing is the best way to help build up a picture of the reality of the threats facing businesses, governments and consumers alike. By building a better understanding of what is going on, the spread of incidents can be reduced.
CRIME IS CRIME
The fact is - cyber crime is not that different from other crimes, except for the medium and method. As business advisers, the accountancy profession needs to help ensure that clients are aware of the major threats to their businesses.
Technology has enabled businesses to do many things that were unachievable half a century ago, but along with this has come the potential to abuse these new methods of data storage and communication. When they are educated on the potential threats and counter-measures, companies can be better prepared to manage the risks of cyber crime as they would with any other threat.
- The writer is regional director for Greater China and South-east Asia in the Institute of Chartered Accountants in England and Wales (ICAEW)