News, events, media, seminars and more
There is widespread confusion over the scale and nature of cyber crime, which is undermining efforts to tackle a menace that may be costing the economy billions of pounds a year.
Businesses have been at fault, with company bosses delegating responsibility to internal IT specialists in a deliberate effort to keep a problem they may not understand at ‘arm’s length’; the issue of cyber-risks needs to be made accessible for those who are neither familiar with technology nor highly IT literate.
Cyber crime is committed by individuals, or groups, whereas cyber warfare is committed by governments. It can damage your business; every organisation has a role to play in creating a global security culture. Everyone in the information chain must assume responsibility and take steps to improve the security of their systems and networks. Cyber crime prevention is mission critical but there is no one-size-fits-all solution. However, it’s not difficult to identify the steps to take to secure your business from cyber threats.
Until a few years ago, malicious programs were just cyber vandalism, anti-social form of self-expression exploiting computer technology. Few of them were deliberately written to cause harm, although a small number caused damage to data or made the computer unusable (quite often as a side-effect, rather than by design). The bulk of malicious programs in circulation at this stage were viruses and worms. Today, by contrast, the greatest threat comes from cyber crime. The criminal underground has realised that malicious code can be used to make money in our constantly connected world and they use it to steal confidential data.
Cyber attacks include viruses, worms, Trojans, hacking, phishing and more. Cyber threats are becoming increasingly sophisticated and their volume is growing exponentially. However, the most prevalent malicious programs today are Trojans. There are many different types of Trojan. Some record which keys you press, some take a picture of your screen when you visit a banking web site, some download additional malicious code, and some provide a remote hacker with access to your computers. Moreover, they all have one thing in common: they allow cyber criminals to harvest confidential information to make money.
The range of security threats includes:
• Malicious threats, such as viruses and other malware
• Fraud threats such as phishing emails and spyware
• Unauthorised access from hacking, data leakage, botnets, unsecured wireless, and user name/password insecurity, etc.
• Operational threats, such as distributed denial of service (DDoS) attacks, attacks on VoIP, the failure of cloud computing suppliers to secure your network, or security risks from remote workers.
• Newer threats such as social networking insecurity, web application threats, smartphone insecurity and poor security for converged voice/data applications on the network
Service availability is the name of the game, with an almost universal requirement for a 24 x 7 service to those who should receive it at the time and place of need; are the risks associated with this requirement being adequately managed?
Remember, what is adequate for a charity may not be adequate for a bank and what is adequate for a bank may not be adequate for a nuclear power station!
If you answer ‘yes’ to one or more of the questions below you are at risk and need to take steps to review the security of your systems and networks:
– Is any of your important company or personal information (whether yours or that of employees, customers, contractors or partners) stored on a computer?
– Do you or your employees access any important information (including banking, credit card, and supplier or delivery information) across an internal network?
– Do you have a company website?
– Do you or your employees use the Internet at work?
– Do you or your employees use e-mail at work?
– Your organisation would not survive if it lost the use of its computers for several days or longer?
Becoming a victim of cyber crime is not a question of the size of your business. All organisations use similar tools across their IT infrastructures, including operating systems, office products, web browsers, storage for critical data (customers, employees, financial) and the laptops and mobile devices used by employees. All of these are equal targets for cyber criminals.
Hacker intrusion, malware, spyware and spam can lead to lost or stolen data, computer downtime, decrease of productivity, lost sales andeven loss of reputation. Even those organisations that consider themselves less dependent on computers need to protect their data.
Cyber criminals do not care about the nature or size of your business. They are not concerned who a computer or network belongs to. Cyber criminals want to own any system they can gain access to carry out illegal activity and achieve financial gain at your expense.
What would happen to your organisation if:
– Customer details or credit card data were stolen
– Child porn were to be placed on you web server
– Money was transferred without authorisation from your bank account
– A senior manager’s computer was accessed remotely
– All your computers become unusable
– Information about a new product leaked to a competitor
Threats to vital information are becoming ever more malicious and complex. While in the past the main problem will have been hardware downtime, today much more is at stake:
Unfortunately, ignorance is no excuse for inaction. In today’s networked world, information on an unsecured system can be quickly compromised, or the system itself can be used as a launch pad for attacks on other systems and networks.
Even if you’re not an expert, you still need to take steps to protect your organisation and others.
Your business needs protection that is simple to install and easy to maintain. Your time should be dedicated to the success of your business, not the constant safeguarding of the network.
Even with limited resources and expertise, you can maintain the security of your systems and network. Consider the points below; are you taking these steps?
Look closely at your most valuable assets and ensure they are well protected. For one business this may be protecting its customer database, or protecting intellectual property, and for another it might be securing financial information.
Whatever steps you do take, be sure your business is protected.
Dealing with cyber crime within a legal and regulatory framework means that there are six potential end-game scenarios depending on whether it is as a result of either an internal or external attack. These are discipline, resignation, dismissal, civil prosecution, criminal prosecution, or make it go away.
If an organisation does not have a forensic readiness plan then it is likely to be unprepared for the consequences of an incident investigation. Law enforcement agencies could conduct a search of premises and seize business critical computer systems which could cause major business continuity issues. Also, an organisation may be prone to significant liabilities if it cannot collect digital evidence to a standard required during civil proceedings and tribunals in response to employee abuse of an organisation’s computer systems.
Potential incident investigations include:
Adoption of a forensic readiness policy is a mandatory requirement for Government Departments. But if you work with (or plan to work with) a Government Department then they may require, or expect, an organisation to have a forensic readiness policy. Other business benefits of adopting a forensic readiness policy include:
The benefits to the organisation of creating a forensic readiness policy consist of the following:
London: 0207 438 2045
Manchester: 0161 797 8123