Cyber security is growing to be one of the biggest challenges that is keeping company executives up at night. In a survey done by a number of insurers, cyber security is now rated among the top risks in the world.
The challenging aspect of cyber crime is that it is often difficult to curtail it r pre-empt the effects of it because the nature of the crime changes all of the time. Yet, companies need to be proactive in this battle.
Serious commitment This may take some serious commitment on the part of corporates. I recently read an article on informationsecuritybuzz.com where Alan Platt, COO of CyberHive wrote an interesting article about this commitment.
The informationsecuritybuzz.com article pointed out that a recent survey by the Bank of England revealed that cyber-attacks were the joint second most cited risk to the stability of the UK financial system.
The proportion of respondents that named cyber-attacks increased for the third consecutive survey to a new record high of 62%, an increase of 5%.
The article adds that an increase of 5% listed cyber-attack as the risk most challenging to manage, according to Bank of England Systemic Risk Survey Results.
“Against this background of increased threats to cybersecurity, and continually strengthening legislation concerning data security, it is no surprise that IT security has become a high priority for organisations,” Platt told informationsecuritybuzz.com
He added that cyber threats have evolved to become more sophisticated, often originating from well-organised groups – state-sponsored or criminal networks – who target businesses or individuals connected to businesses for valuable information.
High cost of human errors
Platt pointed out that IT professionals in financial services often envisage their role in cyber-security as fortifying the defences against external attacks. The reality, though, is very different. Most cyber-attacks originate from human errors within an organisation, such as an employee opening a malware-laden phishing email, or as the result of some deceptive social engineering on the part of the attacker to infiltrate malicious code inside the defences.
He added that most standard cyber-defences, such as firewalls and penetration testing, serve to secure the systems from external attack. Anti-virus is used by most companies, but its effectiveness is minimal in the defence against the increasingly sophisticated and bespoke cyber-attacks that can go undetected for several months.
Security professionals need to change their mindset to counter these disastrous attacks. They need to carefully explore the options that can safeguard a company from damage caused by human error. They must be mindful of the reality that mistakes can – and will happen.
“It is not a case of if a data breach will occur, but when. Companies would be well advised to shift the emphasis from defending against known external threats and instead focus on identifying attacks as quickly as possible once they happen – and taking swift action to foil them before they wreak havoc,” said Platt.
This need to act quickly to limit damage is borne out by key findings in a study published last year by IBM security and Ponemon Institute. In the 2017 Cost of Data Breach Study: United Kingdom² the Mean Time to Identify (MTTI) and Mean Time to Contain (MTTC) metrics were used to assess the effectiveness of an organisation’s incident response and containment processes. It took an average of 168 days to identify a data breach and 67 days to contain it. The previous year’s MTTI and MTTC figures were 178 and 72 days respectively.
Incident response plans important
The informationsecuritybuzz.com article added that the findings also emphasise the importance of being able to rapidly detect and contain an attack. New technologies are emerging that focus on detecting malware before it can do any damage. If the MTTI was less than 100 days, the average cost to identify the data breach was £1.98 million. However, if the MTTI was greater than 100 days, the average cost rose significantly to £2.97 million. If this MTTI were reduced to a few days, the costs of a cyber breach could be massively reduced.
“Similarly, the study highlights the need to have an effective incident response plan in place. If the time it took to contain the breach was less than 30 days, the cost to contain the breach was £2.24 million. If it took 30 days or longer to contain the breach, the cost soared to £2.71 million. The longer it takes to detect, respond and contain a breach must become a critical priority for every CISO and board. The rising costs of data breaches are extremely detrimental and only set to increase with GDPR legislation in place, let alone the reputational damage that can be suffered as customers begin to lose trust in a firm that can’t protect their assets,” said Platt.
Cyber-crime is recognised as a serious threat in the financial services industry and the UK Financial Conduct Authority (FCA) warns that firms should be vigilant to this threat, able to defend themselves effectively, and respond proportionately to cyber events.
Perils of bad data management
The article points out that one of the chief threats to the sector comes from poor approaches to data management in notoriously disjoined IT systems or inadequately managing their defences when outsourcing data storage.
The importance of the guidance given by the FCA can easily be seen in perspective when we consider the disastrous impact of recent cyber-attacks at large well-known companies.
“In June the data breach at Dixons Carphone served as a serious wake-up call to improve cyber security across the world for organisations holding data on EU citizens. The reality is that Dixons Carphone showed it was unable to secure the card details of 5.9 million customers, who became victims of unauthorised access. The breach, which also involved the personal data of 1.2 million customers, was serious enough for cybersecurity chiefs at GCHQ to launch an investigation,” said Platt.
An Equifax security breach revealed last October, is understood to have affected around 700,000 UK-based customers and many more in the US. Stolen information included email addresses, passwords, usernames and partial card details linked to membership data, as well as driving licence and phone numbers.
Platt added that financial organisations must assume they are going to be breached, they are being targeted on a daily basis and the sophistication levels of hackers continues to rise. It’s absolutely critical that banks and financial service businesses know about the breach in a matter of minutes or hours, not days. They can then mitigate the risk and avoid further damage to their systems or avoid data loss.
Net value
There are many reports floating around regarding the value of cyber crime. However, because the value of these ventures consistently increase, it is hard to put a solid value when quoting actual numbers. According to a press release on globenewswire.com, the automotive cybersecurity market is anticipated to surpass $837 million by 2024; according to a new research report by Global Market Insights, Inc.
According to the release, improvements in the standard of living and increased disposable income have caused a shift toward the adoption of advanced vehicles offering various benefits such as in-car infotainment systems, navigation, and telematics. As these systems have become increasingly complex, they are more vulnerable to cyberattacks, contributing to the automotive cybersecurity attacks.
Key partnerships
The release points out that government agencies are also partnering with software providers for telematics cybersecurity solutions driving the automotive cybersecurity market growth. For instance., in May 2018, the Department of Homeland Security Science and Technology Directorate (DHS S&T) partnered with Volpe National Transportation Systems a part of Department of Transportation (DOT), to build a cybersecurity implementation and operational network for telematics systems in various federal vehicles.
The automotive cybersecurity market is benefiting from the investments made by the leading investors, who support automotive firms. These funds are used by the companies to scale up their cybersecurity profile, fighting against the rising cyberattacks. For instance, in April 2018, Denso an international American firm invested $2 million in Dellfer, an automotive cybersecurity company. The company plans to use the funding to enhance its operations in the cyber protection of automobiles.
Cloud worries
The release points out that cloud security is the fastest growing segment in the automotive cybersecurity market and it is projected that by 2024, approximately 30% of the vehicles globally will be deployed with cybersecurity cloud services. They examine and manage the fleets of vehicles through software such as management service, which enables them to assess the irregularities and identify unauthorized efforts to attack the connected vehicles. The automotive industry is making huge investments in the cloud technology to secure the automotive cloud environment. For instance, in May 2016, Ford invested $182.2 million in Pivotal to use its cloud-based technology in Ford’s auto and mobility services.
The release adds that the software security segment in automotive cybersecurity market is projected to grow at a compounded annual growth rate of 24.5% over the forecast period. The proliferation of ECUs in the automobiles has also increased the attack surface making vehicles easily accessible to attackers. There are a large number of ECUs with different capabilities in the automobiles, making them necessary to provide software security to these systems.
Commercial vehicles remain prime targets
The release points out that the commercial vehicle segment in automotive cybersecurity market is expected to grow at a compounded annual growth rate of 34.5% over the forecast timeline as these vehicles play a major role in delivering the country’s goods and services and hence, protecting them from the rising cybercrime is a necessity.
These vehicles also use relevant technologies to extend their connectivity and assist the businesses to enhance their working efficiency. It helps them in reducing fuel costs and increasing vehicular productivity boosting their demand.