Many organisations don’t view cybersecurity as a priority and fail to take a pro-active approach to cyber threats. In 2016, global companies spent almost $600bn building their brands, whilst only allocating about one-tenth of that amount on cybersecurity. However, nobody is immune from attacks and it’s paramount that organisations are aware of the hugely detrimental implications of failing to prepare for a cyberattack; including the implications on operations, finances, legal consequences and the potential damage to reputation.
I’m a victim of cybercrime, what now?
Act fast! It’s key that you view a cyberattack as an urgent matter and you don’t wait for the consequences. First, “stop the bleeding” and ensure that you have contained the incident to the best of your ability to maintain your business operation. Then plan to notify all the relevant stakeholders, including insurance companies, regulators, legal counsel, law enforcement and your customers. It’s recommended to have a list of all those people you may need to communicate with well in advance of an attack, to ensure you don’t miss any stakeholders and incur unnecessary delays when responding to an attack.
More importantly, don’t wait until the breach happens. Be pro-active rather than re-active. Ensure you have procedures, guidelines and a plan of action in place for if/when a cyberattack hits. In the case of cybercrime, be a pessimist: it is not about if you’re attacked, but when.
Looking ahead to the future of cybercrime
The cybercrime landscape is evolving. Cyber criminals have found a new, fruitful opportunity in targeting individuals, rather than just targeting a company’s IT systems.
Whilst we’ve recently witnessed the creation of innovative tech solutions and should see an increased combination of security analytics and Intelligent Automation (IA) to help us defend against cybercrime, attackers are using the same technology, meaning we can’t rely exclusively on these solutions. It is fundamental that we take a holistic approach to fighting cybercrime, incorporating the use of authentication, cultural awareness and the human element in the fight. We shouldn’t let our technology solutions lure us into a false sense of security.
However, it’s not all bad news. Whilst the EY Global Information Security Survey 2018 recently revealed that Tech, Media and Telecommunications companies require 22.2% growth in funding to protect themselves in line with company’s risk tolerance, preventing against cybercrime is becoming easier and cheaper. For example, two-factor authentication has become much more widely available and is predicted to become the norm. This method alone can significantly reduce email account take-overs – often a common form of attack on people who are susceptible to phishing attacks. Additionally, we are seeing companies responding and dealing with attacks better. Strong defensive strategies and increasing use of security and analytics is putting companies at an advantage to attackers.
Economic Crime Plan not enough to combat money laundering epidemic
Don’t let cybersecurity be an after-thought!
Remember the ABC’s of cyber security to reduce your chances of being a victim of cybercrime
- Access control – use strong authentication and “least privileges” to limit the impact of an attack
- Back to basics – practice good Cyber hygiene – patching, backups, passwords, anti-virus
- Cultural awareness – the human firewall is key – don’t be an easy target
Watch my interview with UK Tech News for more insights: https://www.uktech.news/video/tech-world/tech-world-facebooks-fine-elon-musk-makes-headlines-and-more-20180720
All statistics are taken from the EY Global Information Security Survey 2018: https://www.ey.com/gl/en/industries/technology/ey-tmt-global-information-security-survey-2018
The views reflected in this article are the views of the author and do not necessarily reflect the views of the global EY organization or its member firms.