Cyber-security is a business issue, not an IT issue

It is said, that an innovation only gets the investment they need to be perfected once the arms industry has seen a need for it. More worryingly, there is now good evidence that much of the innovation is being driven by increasingly organised, sophisticated and well-resourced cyber-criminals.

For example, one of the worlds first encrypted wireless network was created by a Mexican drug cartel. Submarines that cannot be detected by radar have been developed by, and are being manufactured on behalf of, international smuggling syndicates. And then, of course, there are the software developers that create the software that allows hackers to access any system, from a power plant, oil refinery or similarly vital site to a bank. The Bangladeshi central bank recently lost more than $80million.

The real issue here is that cyber-criminals have become leading innovators in their own right, and they have the resources, both financial and human, to do whatever it takes to penetrate the most carefully constructed defences, said Kovelin Naidoo, CIO at Internet Solutions. We have to be aware that there is a vast hidden network of organisations and individuals who are focused on accessing the data and system for their own purposes.

These shadowy players make use of the Deep and Dark Webs, which host an alternate economy where pretty much anything can be ordered and paid for in untraceable Bitcoins, including contract killings and replacement human organs. All of this covert activity falls into three broad categories: governments working against their enemies, activists motivated by a cause, or those simply motivated by profit.

Jeremy Capell, Head of Advisory said that the threat posed by cyber-criminals to businesses and governments has now become so severe and so sophisticated that nothing but a coordinated and integrated technical and business response across all domains would be effective.

A technical response to cyber-crime is one important component, but its only part of the solution, he says. Companies need to understand what the risks of a breach are, but they also need to have a detailed, enterprise-wide response that will limit the damage. This damage is not restricted to direct financial loss, but also includes reputational damage, which can be devastating.

Organisations need to assess whether they are properly prepared. Do they have the right skills? Do they have a document set of processes and procedures in place? Do they have adequate threat intelligence? Very often sites are breached and corporate information is posted on Deep Web yet the organisation remains unaware of the breach. Is security conscious behaviour integrated into the corporate culture? And are all the risks known and properly communicated, and is the security and threat landscape constantly being monitored?

Cyber-crime calls for a technical response, a business response and, increasingly, proper cyber insurance as well.

Share on: