I recently read an article in the @TheEconomist (April 8 edition) entitled The Myth of Cyber Security, a somewhat depressing article on the poor state of cyber security globally. The author discussed numerous reasons behind the current problems:
The last point drew comparisons to the car industry in the early 1960s. It was not until the government forced its hand on safety that the industry’s attitude changed. The author considered that perhaps additional government intervention could be beneficial to the technology sector. Examples included increased reporting requirements for companies that are hacked, forced default password changes and legislated timeframes for fixes to "at risk" products.
I’m not so sure. Unlike the car industry, the technology industry is in a never-ending battle with entities and individuals trying to gain unauthorised access to data and intellectual property, whether for extortion, sabotage or theft.
In 2016 we have seen interference with electoral processes, approximately $80 million digitally stolen from the Bangladesh central bank and a DDoS attack on the Australian census to name but a few. Ransomware activities continue to trend upwards with the cost of unlocking the device at up to US$1,200.
Toolkits for malware, ransomware and trojans can be bought for between US$200 and US$1,800. So just 2 successful ransomware attacks are enough to recoup the most expensive kit and start generating profit from that point on.
The battle will never end, so rather than rely on government intervention, we should be continuing to promote and adopt best practices wherever possible:
At Protecht we have adopted the principles of the ISO 27001 information security standard and are certified by an independent body to ensure controls are operating as expected. Ask yourself whether your business should consider doing the same, if it has not already. Equally, if you are looking for new technology service providers, the questions above should be asked of them to ensure that they take your security seriously.
We live in a technology-addicted era that comes with its own unique set of risks. To participate in it, we need to remain vigilant and continue to work on our defences. Given our experience of going through our ISO certification process, Protecht is able to help you implement an appropriate Information Security Management System within the Protecht.ERM system.
If you are interested to know how and why more and more companies are using Protecht.ERM to manage their risk frameworks including their information security, please contact firstname.lastname@example.org.
David Bergmark is the Chief Executive Officer and co-founder of the Protecht Group. David’s vision and passion is to use technology to drive best practice risk management and embed risk management within each one of Protecht’s clients. He is the driving force behind the Protecht.ERM system and the integration of Protecht’s Software, Advisory, Training and Consulting capabilities to provide a consistent and seamless risk management experience for clients.