08 February 2017
Blogs by author: Bas Burger, CEO, Global Services
We’re bringing our front-line insight into cyber crime to RSA 2017.
We’ve successfully overcome millions of cyber attacks. And, from our central position in the fight against cyber crime, we’ve learned that no one — from nation states to the world’s largest companies — is safe from cyber attack.
But that’s no reason to just give up on your cyber security altogether. This front-row seat also means that we’re constantly watching, learning and responding to the latest threats — which helps us to develop more accurate predictions and effective security. So, while it’s impossible to prevent an attack, security solutions help to protect your critical data and reputation.
Our unique position also lets us see how significant security is as a business enabler — boosting business performance by ensuring organisations can roll out the latest digital solutions with confidence. I’ve laid out some of my key learnings below.
Connected companies, connected criminals
Today, everything is connected, so cyber security features high on leaders’ agendas, and is a top priority in every boardroom around the world. Each business has its own web of connections, often stretching across the globe. It’s fantastic for people working together or making their organisation more efficient, but it’s also fantastic for criminals.
Hacking is a lucrative business. Digital crime costs the world around $400 billion a year, and often occurs in ways companies don’t even consider. It’s not just about data theft: one criminal organisation intercepted medicines and sold them on the black market for £200 million, because they got access to the route information.
Taking the offensive
In our report with KPMG, ‘Taking the offensive’, we found that almost every business (97 per cent) has experienced some kind of attack, but less than a quarter (22 per cent) feel prepared. This comes as no surprise, as about half of businesses don’t have a strategy to deal with blackmail, bribery or even criminals posing as members of staff.
As the pace and variety of attacks increase, you need to keep ahead — and there are four things you should be thinking about:
1. Is the board on board?
Security has to be on the board’s agenda. They need to be constantly thinking about the worst case scenario: what would happen if your information were stolen? How badly would your business be damaged if one individual were bribed or blackmailed? What are all the possible ways someone could attack?
Board members with backgrounds in digital security and risk management can help the board, and even senior management, better understand the issues and communicate more effectively with the security team.
Other C-level roles also need to evolve. The Chief Information Security Officer (CISO), for example, will need to be elevated from a traditional IT-focused role to one with direct accountability to the CEO and regular reporting to the board. CIOs will need to factor risk mitigation into every step the organisation takes on its digital journey.
2. Is security part of your culture?
Board members can’t do everything themselves. You need to build security awareness into your organisation’s culture by making it part of everyone’s role. Give them responsibility, and encourage them to speak up.
If everyone thinks about security, they’ll ask the right questions. For example, a recruiter can consider how much a planted employee could steal. They might then be proactive and help ensure you have the right vetting processes in place.
3. Have you separated your data?
I often tell people that they can’t avoid an attack. It’s going to happen eventually. You can do everything possible to recover what’s been stolen and catch the criminal, but eventually they’ll find that tiny hole and squeeze through.
The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. You want to make sure your most valuable information is hidden — even from your own employees. You don’t see bank vaults out on the street. They’re behind checkpoints, cameras and closed doors. Do the same with your data.
4. Do you have all the basics sorted?
It’s not just big things you need to focus on; there are plenty of small things you can do too. Start by making sure passwords are strong and ensuring that all the right policies are in place. Encryption should be used across the board, and you need a response team ready to deal with attacks and minimise the damage. Spare a moment to think about whether your partners are keeping your data safe. Most importantly, think from a criminal’s perspective: try hacking back into your own business to identify vulnerabilities and then fix them.
Fail to plan, plan to fail.
Do all this and you’ll feel prepared. That’s part of the reason security is the number one digital enabler — organisations that have all the right protection in place are able to capitalise on digital technology, allowing their business to run at speed and building customer trust and investor confidence.
It makes sense really; the safer your data is, the easier it is to get ahead in your market, so you can be confident that you’re offering more than the competition. And that’s something customers and investors are looking for.
If you’re interested in finding out more, we’ll be a sponsor at the 2017 RSA Conference, 13-17 February at the Moscone Center in San Francisco, and we’d like you to join us at our booth (North Hall #4123), meet with our senior security leaders and take part in our on-site activities.