Many of us hear the term Cyber Risk and we automatically default to the thinking this risk is one isolated to the big end of town… Yes, the attacks on the big end of town are the most heavily publicised but when it comes to Cyber Risk, the approach of, “This will never happen to me” is dangerous and leaves thousands of small to medium businesses hopelessly exposed to compromise. The recent global attack from WannaCry is a prime example that when it comes to cybercrime, anyone is fair game.
In a study conducted last year, security advisers Symantec, concluded that more than fifty per cent of the world’s cybercrime was imposed on businesses with less than 250 employees. Locally, stories are abound of the unsuspecting GP or dentist arriving at their surgery for a day’s work, to find out that their patient database has been compromised and held to ransom.
These attacks are now becoming common fare, and happen in our community daily…
In our experience, this is due to:
Absolutely not. Cybercrime is big business and one of the fastest growing industries in the world.
Cybercrime is a business just like any other. When the internet first emerged viruses and trojans were simply a way to cause business interruption and damage. Today, these are a business like any other, whose focus is on maximising returns through exposing the vulnerabilities of its targets.
Cyber criminals now offer products for purchase, including software developer starter kits, allowing someone to download the code they need to directly attack you. While these attacks are sophisticated, using these tools certainly does not require the genius computer whiz it once did.
Not only do these professional hacking businesses offer software development kits but also help desk services, just to ensure you are able to code your own variant. They will also provide assistance in deploying it and ensuring the hack is successful. If that wasn’t enough, your local friendly hacking professional will probably now also have a multi-lingual help desk to ensure that the victims of the hack have the support they need to pay the attacker. Unfortunately, this is a risk that is expanding at such a speed, legislators and regulators are unable to keep pace.
The key is to understand your own security posture and begin looking at ways to move from the legacy approach of ‘detect and repair’ to one of ‘monitor and respond’.
PKF’s cyber security arm, Cecuri, have the expertise to guide you through this potentially complicated world of emerging threats by.
If you have any questions in relation to this emerging area of risk, please contact me for more information.
Clayton is a Partner in our Audit & Assurance team with more than 13 years of experience providing his clients with audit, risk, and technical advisory services, as well as due diligence activities, and preparing independent accountant and expert reports.
Clayton’s interests lie firmly in providing growing businesses with a proactive audit function so they remain up to date, improve governance and operating efficiencies, and maintain competitive advantage. Read more...