Cyber-attack is a fact of business life these days.
By Michael Davies, CEO, ContinuitySA
Like it or not (and none of us do), it seems that the brave new world of the Internet, and the resulting connected business environment, have created a whole new class of crime: cyber-crime. Cyber-criminals are legion, and exist in suburban bedrooms in Iowa, lofts in Beijing and North Korea, and Internet cafes in Belarus and Estonia. They are highly skilled, often anarchist in mindset, and supported by an apparently limitless set of hacking tools available on certain illegal sites (the Dark Web), either for free or for relatively small amounts.
These criminals are motivated either by financial gain or the simple joy of cocking a snook at the establishment—probably a bit of both, to be frank.
The statistics are truly frightening, as you have doubtless seen in news reports for many years—especially as a lot of cyber-crime is not reported to protect the victim’s reputation. Such an atmosphere of unrelenting threat is taking its toll: the recent Cisco 2016 Annual Security Report found that companies globally feel increasingly vulnerable to cyber-attacks, and less confident in the security measures they have in place.
Another study, RSA’s Cybersecurity Poverty Index, shows that nearly 73 percent of global companies reported they had insufficiently mature levels of security. The survey further adds that the greatest security risk was the ability to measure, assess and mitigate cybersecurity risks, with 45 percent of the companies surveyed describing their capabilities in this area as “non-existent” or “ad hoc”. By contrast, only 21 percent reported that they are mature in this area.
The Cisco study found that small to medium-sized businesses have emerged as a potential weak link, spending less on Web security than in previous years. This connects back to the supply chain risk identified in a previous blog: many of the companies in your supply chain might fall into this category, making all their business partners vulnerable as well.
Cyber-security is not just a technology problem, and it cannot be solved by the IT department. The whole company has to be made security-conscious, and security protocols have to be built into business processes. Only this approach will make the business resilient in the context of cyber-attacks.
Next time, I will conclude by looking at the fifth and final risk to bear in mind for 2016.
Michael Davies has been involved in the Business Continuity Industry for more than ten years, having spent the last twenty years in the IT Industry with companies such as Dimension Data, Enterprise Technologies, Amdahl, Computer Configurations and MGX. Michael has predominantly been on the financial side of business, with the most recent progression, in 2011, being from financial director to CEO of ContinuitySA. He has spoken on organisational resilience and BCM at various conferences and heads up the largest independent BCM supplier in Southern Africa. Michael completed a B.Comm degree from the University of Natal and an MBA from the Henley College in the UK. He is an affiliate of the Business Continuity Institute based in London and a member of the Institute of Directors.