 |
| Your BC Eye
Donna Monkhouse
|
My topic of choice
for yesterday's webinar listen-into was the one on Cyber Threats and Cyber Security
by Brendan Byrne from IBM in which Brendan shared both IBM’s and other
organizations experiences from the dark world of cyber threat.
According to a recent IBM survey, the biggest threat
perceived by Business Continuity professionals is cyber-security. Some of the challenges faced include BYOD
(Bring Your Own Device) which is on the increase; the widespread use of social
media with its pros and cons; workforce mobility and the increasing use of
cloud-based solutions.
The landscape is changing for organizations all around the
globe. Big Data or Smarter Data
inevitably means more security considerations and the growing use of online
services is another cause for security concern.
The boundaries are becoming blurred as we step up the use of the innovative
technology that is advancing our way.
Supply Chain Security, as Brendan quite rightly said, is indeed only as
strong as the weakest link in the chain and the expanding use of data is
presenting more and more problems in terms of potential threats to an
organization.
According to the X-Force Research Team (just one of the jewels
in IBM’s crown) who is tasked with analysing the worldwide web on a daily
basis, scanning the horizon for new trends and new vulnerabilities, there are
over 40M spam and phishing attacks every month!
Now that is a scary figure.
KPMG’s Data Loss Barometer 2012 showed that hacking is the number one
cause of data loss and that data loss incidents have increased by 40% since
2011. There is evidence of new attack
activity as malware gets too clever for its boots. Some of the challenges faced are down to
things as apparently simple as passwords (or rather the common and widespread
use of the same password) and of course there is the challenge of BYOD and a
new concept, called APT (Advanced Persistent Threats).
One of the key messages that this webinar drove home, was
the importance of embedding cyber-security into an organization’s business
culture. It is not enough to develop a
policy and then file it away thinking that the job is done and a big fat tick
has been put in the box. With a
constantly changing landscape and new threat activity entering the “Cyber
Charts”, it is essential that organizations review, review and review again to
ensure that their policies and procedures meet the current and future security
needs of their business.
One of the key issues is that cyber threats are just getting
more and more sophisticated. Motives for
cyber-attacks range from simple curiosity, to revenge, right through to the big
stuff like espionage and political activism.
The players or actors on the cyber stage are also becoming increasingly
more educated and organised. They scale
of actor type runs from the inadvertent actor, who may cause an incident
through ignorance or lack of training; to the opportunist that just grabs the
moment to do some damage; to the “hacktivist” (remember that is the number one
cause of data loss); right through to the top of the tree with the advanced
actor, that heads up some big scam.
According to IBM research, the top three IT risks that
damage a company’s brand (its greatest asset) and reputation (as perceived by
BC professionals) are: Data Breach;
Systems Failure and Data Loss in that order.
An interesting example of a botnet was put in the room as
such to demonstrate both its apparent innocence and its inherent danger. We can all very easily download a botnet. More often than not, this just sits
harmlessly on our computers until the organiser of said botnet decides to sell
this onto another organization, which in turns uses this to collate important
and personal data and there we have it – bring this data together into one
central location and you have a hacker’s dream and the so-called Money Mule
concept kicks or trots (does a donkey trot?) into action. So we see that the end users are also part of
an organization’s security landscape.
Brendan also expanded on the IBM approach to managing cyber
threats. The IBM approach consists of two elements – the first is the
“Pre-exploit”, which is all about prediction and prevention and the second is
the “Post-exploit” which is about reaction and remediation. Every organization needs to adopt this
approach. Every organization needs an
instant handling approach and every organization needs an intelligent view of
their security position. When working
with clients, IBM has discovered that most organizations think they have an
optimised approach; but reality tells another story with the majority only
having basic measures in place.
Organizations need to aim to be proficient in order to be able to
proactively protect themselves from cyber-attacks.
Brendan listed the
essential practices as follows:
-
Build a risk awareness culture and management
system
-
Manage security incidents with greater
intelligence
-
Defend the mobile and social workplace and make
social media work for you and not against you
-
Have security-rich services by design and not as
an after-thought
-
Automate security hygiene
-
Control network access and help assure
resilience
-
Address the new complexity of cloud and
virtualisation
-
Manage third party security compliance
-
Better secure data and protect privacy
-
Manage people’s identity throughout the whole
security lifecycle
-
Cloud security will move from hype to a mature
solution and will progress
-
Advances in BYOD mobile will increase and be
more secure than laptops by 2014
-
Compliance will be a big driver for 2013 with
organizations facing potential fines of 2% of their global annual turnover
-
Data explosion will increase
And in conclusion,
Brendan left us with the top threats for individuals to consider in 2013 and
these are:
-
Cyber Security
-
Supply Chain Security
-
Big Data
-
Data Security in the cloud
-
Consumerization
No comments:
Post a Comment