Editorial & Advertiser disclosure

Global Banking and Finance Review is an online platform offering news, analysis, and opinion on the latest trends, developments, and innovations in the banking and finance industry worldwide. The platform covers a diverse range of topics, including banking, insurance, investment, wealth management, fintech, and regulatory issues. The website publishes news, press releases, opinion and advertorials on various financial organizations, products and services which are commissioned from various Companies, Organizations, PR agencies, Bloggers etc. These commissioned articles are commercial in nature. This is not to be considered as financial advice and should be considered only for information purposes. It does not reflect the views or opinion of our website and is not to be considered an endorsement or a recommendation. We cannot guarantee the accuracy or applicability of any information provided with respect to your individual or personal circumstances. Please seek Professional advice from a qualified professional before making any financial decisions. We link to various third-party websites, affiliate sales networks, and to our advertising partners websites. When you view or click on certain links available on our articles, our partners may compensate us for displaying the content to you or make a purchase or fill a form. This will not incur any additional charges to you. To make things simpler for you to identity or distinguish advertised or sponsored articles or links, you may consider all articles or links hosted on our site as a commercial article placement. We will not be responsible for any loss you may suffer as a result of any omission or inaccuracy on the website.

Technology

Posted By Gbaf News

Posted on November 3, 2014

NO BUSINESS IS IMMUNE TO CYBER-ATTACKS – BUT THEY CAN BE EFFECTIVELY MANAGED

By Craig Richardson, CEO of Wynyard Group

Craig believes there are two sorts of organisations: those that have been hacked, and those that have been hacked and don’t know it yet. Every organisation has been compromised but most don’t discover it for months. It is now a question of how to have holistic and complete management of the risks, rather than a belief that you are secure because you have updated your anti-virus software.

The internet was originally developed as a way for U.S. research scientists to communicate with each other. Almost 50 years on it is now an integral part of society, used to control critical infrastructure systems like electricity, nuclear power and hospitals all over the world.

However, alongside the huge opportunity the internet presents to us, there is also great risk attached. The cyber-threat landscape is wide, sophisticated, dynamic and growing, with criminals constantly looking for new ways to manipulate the internet and use it for illicit activity. From organised criminals targeting financial services organisations, state-sponsored theft of trade secrets, and terrorists targeting critical infrastructure, no company is immune to cyber-attacks.

Traditional IT perimeter defence is no longer sufficient to keep an organisation safe. Organisations face extremely sophisticated intruders who continually change the means by which they penetrate into, and conceal their work within networks, as well as insiders who abuse their access rights to manipulate and steal data. Cyber-crime cannot be prevented at the perimeters of today’s large, complex and global networks, and companies need to abandon the illusion of 100 per cent IT security.

If a company has something of value to the attacker, such as personal customer information or intellectual property, it is likely they have already been attacked. Just being connected to the internet makes an organisation a target, but having vulnerable systems heightens the risk considerably. The increasingly sophisticated practises of cyber-criminals have rendered traditional perimeter defences including proxy, firewall, VPN, antivirus and malware tools, inadequate to protect against attacks. These capabilities protect against known threats but today’s cyber criminals can conquer these defences in minutes. Companies now need to detect threats inside the firewall and as they develop.

The risks to governments, businesses and citizens is growing and significant. Late last year, Target Corporation, the second largest discount retailer in the U.S., suffered a huge security theft that compromised around 40 million credit/debit cards. Target’s stock fell almost 14% in a couple of months after the news surfaced. The news of a large security theft also impacted consumer sentiment, dragging profits down by 46% year-over-year in 2013. The retailer has incurred cumulative expenses of $146 million in data-breach related expenses since the news broke, reflecting total expenses of $236 million.

Could Target’s loss of reputation have been stopped with quicker detection of the breach? If the alarm had been raised earlier it would have given the company valuable time to respond, investigate any unusual activity to counter attacks and reduce the impact.

Despite the fact that cyber-threats are an ongoing problem that can never be fully eradicated, it can be successfully and effectively managed. Information-driven cyber intelligence allows organisations to assess, manage and minimise the risks of cyber-crime. By identifying cyber threats and assessing the vulnerability of critical assets and operations it puts organisations in a stronger position to identify ways to reduce those risks. In this way organisations are better prepared to plan for the consequences of an attack and can better manage and minimise the risk of this occurring.

An information-driven cyber risk approach means that threats can be identified much earlier, enabling organisations to counter attacks swiftly to preserve their data and protect customers and reputations. This is essential considering that, on average, it currently takes around 230 days before a breach is detected. By this time the damage has been done and in some cases it’s irrecoverable. If an attack was detected within the first three days, the consequences would be significantly reduced. Responding quickly when an alarm is sounded is essential to prevent the compromise or loss of critical information. It provides valuable time for an organisation to understand a situation, stop the danger from spreading and manage the outcome.

The prevalence and increasing sophistication of attacks does not mean that organisations should stop investing in multiple layers of security. But it does mean that higher and stronger fences to defend against cyber-attacks should be accompanied by smart tools inside those barriers – analytics that can detect, identify and manage cyber-risk to quickly mitigate potential threats and stop attackers early on.

Recommended for you

  • The Future of Asset Management: Technology-Driven Innovations and Client Expectations

  • How can we ensure privacy in the digitization of healthcare?

  • Quantum Computing: Unleashing Disruptive Potential and Strategic Industry Implications