I recently read an article in the @TheEconomist (April 8 edition) entitled "The Myth of Cyber Security", a somewhat depressing article on the poor state of cyber security globally. The author discussed numerous reasons behind the current problems:
The last point drew comparisons with the car industry in the early 1960s. It was not until the government forced its hand on safety that the industry's attitude changed. The author considered that perhaps additional government intervention could be beneficial to the technology sector. Examples included increased reporting requirements for companies that are hacked, forced default password changes and legislated timeframes for fixes to "at risk" products.
I'm not so sure. Unlike the car industry, the technology industry is in a never-ending battle with entities and individuals trying to gain unauthorized access to data and intellectual property, whether for extortion, sabotage or theft.
In 2016 we have seen interference with electoral processes, approximately $80 million digitally stolen from the Bangladesh central bank and a DDoS attack on the Australian census to name but a few. Ransomware activities continue to trend upwards with the cost of unlocking the device at up to US$1,200.
Toolkits for malware, ransomware and trojans can be bought for between US$200 and US$1,800. So just 2 successful ransomware attacks are enough to recoup the most expensive kit and start generating profit from that point on.
The battle will never end, so rather than rely on government intervention, we should be continuing to promote and adopt best practices wherever possible:
At Protecht we have adopted the principles of the Information Security standards ISO 27001 and are certified by an independent body to ensure controls are operating as expected. Ask yourself whether your business should consider doing the same, if it has not already. Equally, if you are looking for new technology service providers, the questions above should be asked of them to ensure that they take your security seriously.
We live in a technology-addicted era that comes with its own unique set of risks. To participate in it, we need to remain vigilant and continue to work on our defenses. Given our experience of going through our ISO certification process, Protecht is able to help you implement an appropriate Information Security Management System within the Protecht.ERM system.
If you are interested to know how and why more and more companies are using Protecht.ERM to manage their risk frameworks including their information security, please contact firstname.lastname@example.org.
David Bergmark consults on a variety of market and enterprise risk management issues and is actively involved in the development and implementation of Protecht's risk management software (ERM and ALM). David started out in the audit division of Price Waterhouse in 1990, handling clients such as Macquarie Bank and Bankers Trust. By 1994 he was Risk Controller for Carrington Securities - a financial markets trading company. In 1996 David left Carrington to head up the Risk Management Department at IBJ Australia Bank (IBJA) where he was responsible for the development of all risk disciplines at the bank – market, credit, liquidity and operational.