Cyber crime is a ‘Tier 1 Strategic Threat’.
For this reason, new laws are being enacted at a rapid rate everywhere. Most of these laws have key aspects in common:
- They carry swingeing penalties for non-compliance – particularly where negligence is involved, and;
- They carry heavy revenue-based fines, and;
- They seek to single out and name those who have been ‘negligent’ in their duty of care of data they have custody of, and;
- Most have, or seek, surprisingly extensive cross-jurisdictional reach.
The risk to all of us from cyber crime is high and rising exponentially. Any and all data has a value. Criminals are determined to steal whatever they can – and once they have it, they have an efficient market in the deep-web on which to trade it.
By the end of this decade, it is estimated that the global cost of cyber crime will substantially exceed $2 trillion. If each of those dollars represented 1 second of time, that would be equivalent to over 62,000 years. The target of the cyber criminal’s interest is not always obvious. They may be after something that you have, but they may just be looking for a stepping stone to another objective: as many as 80% of all breaches in larger enterprises are traced back to somewhere in the supply chain. A spoofed (hijacked) email address, for example, may provide exactly what they need.
No enterprise is too big, nor too small, to be of interest to cyber criminals. Regardless of what a slick salesman might tell you, there is no silver bullet which will protect a potential victim from the attentions of a determined hacker. Crucially though, around four out of five breaches have their genesis in human error (or a malicious act). This is known as the ‘insider threat’. This means that a huge proportion of any company’s risk can be managed down by removing, or at least significantly reducing, that insider threat.
Criminals are in the business of making money. They go where the money is. Like any business, they are driven by risk and reward. Every difficulty that they face in achieving that goal will likely reduce their interest in targeting a particular victim – there is always someone else who has not bothered. By implementing a concatenated information security plan which looks at broader security issues (including cyber), supported by an active governance regime, the risk of a data breach can be significantly managed down and, in the process, the potential victim becomes a much less attractive target too.
CEO of Bronzeye IBRM
BronzeyeIBRM offers an affordable monthly subscription-based information and cyber security service to SMEs and others.