Page 94 - Cyber Defense eMagazine April 2023
P. 94

Why then, do we not hold this same view when it comes to cybercrime?

            When a cyber-attack occurs, people are very quick to point fingers at the victim, the general view being
            that  the  business  failed  to  implement  the  necessary  security  practices.  However,  cybersecurity  is  a
            complex and integrated problem that requires total visibility into every control in order to find a solution;
            there isn’t a switch that automatically makes you secure.

            It's not as simple as locking the few doors and windows on your house; it’s the equivalent to deadlocking
            and placing bouncers on thousands of inconspicuous endpoints across the network.

            This isn’t to say that all organisations are blameless; poor cyber hygiene still exists across industries that
            needs to be addressed with haste. But we need to break the habit of playing the blame game, and work
            together against a common enemy.



            A single breach triggers an enormous fallout.

            To put this issue into perspective, we can refer to one industry in particular that frequently finds itself in
            the sights of global cybercriminals: the world of finance.

            This lucrative sector not only faces relentless bombardment from attackers, but they must also then
            manage  the  equally  damaging  repercussions  once  customers  and  partners  catch  wind  of  their
            predicaments.

            Banks especially face a fall in share price once an attack becomes public knowledge. They also risk
            losing customers if there is a perceived risk to personal finances and private information. At the end of
            the day, banking is built on trust and once that trust is broken, it’s extremely challenging to re-establish.

            Beyond their customers, banks also face fines from regulators and privacy boards, and if a cyber-attack
            is not handled with care and proper disclosure, employees lose trust in the organisation.

            The victim of cybercrime is therefore impacted from multiple angles, whether that be their consumer
            base, internal staff, regulators, the wider community, or even insurers who could refuse cover. Ultimately,
            when it comes to a cyber-attack, there is a shared responsibility with more than one party at fault, just as
            there are more victims beyond the original target. For example, if a bank is charged with higher insurance
            premiums, as is often the case post-breach, this inevitably trickles down to the consumer in the form of
            increased banking charges.



            More victims, more responsibility

            When personal information is stolen, whether that be banking details, names or addresses, this often
            then translates into other forms of crime such as identity theft, false transactions and even physical
            crime. For example, a criminal might be able to gain access to a personal email or social media account
            as a result, which can then be used to identify when a victim is away from home, leaving the house




                                                                                                              94
   89   90   91   92   93   94   95   96   97   98   99