Cyber crime and cyber criminals have been around since computer networks first began to be used by businesses for commerce. Like Internet usage, the rate of cyber crime and its cost to businesses have increased dramatically over time. Today, cyber crime has evolved into a multi-billion global, organised, criminal enterprise that presents significant risk to businesses, governments and Internet users. The sheer scale and risk mandate that organisations adopt a clear strategy and take appropriate measures to protect their IT assets from cyber criminals.
Cyber crime is pervasive
News reports of large-scale data breaches at brand name companies and even at government networks are more frequent than ever. Today's businesses are constantly being probed and attacked by unauthorised users searching for sensitive data and system weaknesses. This is not just true for businesses in rich, developed countries. It applies to any organisation with a computer network, anywhere in the world.
Gregory Richardson, chief executive officer of the computer security firm 1337 Leet Networks, Inc, shared at the recently concluded Caribbean Network Operators Group's CaribNOG 4 meeting in Grenada that lax practices, outmoded legislation, ignorance and a limited culture of sharing information on network breaches make the Caribbean particularly attractive to cyber criminals and particularly vulnerable to cyber crime.
According to Richardson, "Building internal network security capacity and sharing information on the methods of attack to networks is key to understanding the risks and driving the change in security practices to mitigate against it."
A study conducted by the Ponemon Institute revealed that the primary cause of breaches of sensitive data was negligence by a corporate insider. This type of risk is expected to continue rising as the adoption of tablets, smart phones and cloud applications in the workplace increases, and employees are able to access corporate information anywhere, at any time.
The report also highlighted that the average organisational cost of a data breach in the US increased to US$7.2 million and cost companies an average of US$214 per compromised record, markedly higher when compared to US$204 in 2009. The study also noted that breaches sustained as a result of a malicious attack were on average 25 per cent more costly to the organisation than those incurred due to other factors.
Recommendations for business leaders
Cyber criminals are constantly evolving their methods and tools. As the Internet economy grows, so too do criminal motivation and incentive. It is safe to predict that cyber crime will continue to increase and tomorrow's cyber criminal will pose a greater danger to businesses than today's.
It is essential for organisations to put the proper information protection policies and procedures in place to counterbalance these new realities. Business leaders and network administrators must assume that today's cyber security defenses are already on a rapid track to irrelevance and inadequacy.
Organisations, therefore, must be strategic in how they define and allocate their security resources. Consider the following steps:
Conduct an information security risk assessment. A comprehensive risk assessment should identify the strengths and weaknesses in your security practices, compare them to confirmed and likely threats, and provide prioritised recommendations for reducing institutional risk.
Secure relevant security technology. Bleeding-edge security technologies should be adopted when they are the only viable option available to mitigate high-risk threats. Second- and third-generation security products are more refined and can be less expensive and easier to operate.
Invest in security products that support a risk-based information security policy. Security investments based on clear organisational policy have a much higher likelihood of success than simply buying the latest security technologies without strategic direction.
Security technology alone is not enough. Accessible expertise, whether in-house or through an external security resource, is critical to staying on top of cyber crime trends and staying ahead of cyber criminals.
Establish a threat intelligence function. To compensate for limited visibility across the cyber-threat landscape, organisations should establish relationships with peers, industry groups, government agencies and vendors to source intelligence.
Volunteer cyber security groups, or ethical hackers, like the Caribbean Network Operators Group (CaribNOG), are increasingly important in the emerging Caribbean cybersecurity landscape. Groups such as CaribNOG, the Caribbean Telecommunications Union (CTU) Cybersecurity desk and the Organisation of American States' Inter-American Committee against Terrorism (CICTE) all provide opportunities for broader dialogue and collaboration on combating cybercrime.
They also create a transnational forum to discuss the latest cyber security methods and share emerging practices. More importantly, they provide access to a "trusted community" of experts that can be called upon to troubleshoot or actively defend against network security breaches and threats.
As organisations of all sizes battle the rise of internal and external threats to their computer networks and systems, the spotlight will be on leadership, technical as well as tactical, to ensure that corporate culture evolves in sync with technology measures to address the growing challenge of cyber crime.
Bevil Wooding is an Internet strategist with the US-based research firm, Packet Clearing House, and the chief knowledge officer at Congress WBN, an international non-profit organisation.