Page 45 - Cyber Warnings
Black market prices have fallen for large batches of personal data such as addresses and credit
card numbers, forcing malevolent individuals to switch their attention to extorting money from
individual victims.
The bulk of these attacks are through malicious email attachments, and the ingenuity and skill
the hackers employ to extort money are truly breathtaking.
The risks have never been as severe: there were 188 cyber attacks classed by the NCSC as
Category 2 or 3 during the last three months, although the UK has not yet experienced a
Category 1 attack, the highest level (for example, the attack on the US Office of Personnel
Management was a Category 1 attack, with millions of confidential American public service
personnel records stolen).
Hackers managed to steal $81 million from the Bangladesh Central Bank according to media
reports in 2016, prompting others to upgrade their security, but I am still not convinced that
C-suite teams understand that cyber security permeates every aspect of a company’s DNA and is
the responsibility of every individual, not just the IT department.
I fear that hacks, cyber attacks and digital heists similar to the experience of the unfortunate
Bangladesh Central Bank will increase in coming years and become an increasingly common
occurrence.
Threats such as ransomware will be even more dangerous due to the number of interconnected
devices and smart phones in our homes and offices.
The internet of things may well end up being re-named the internet of weaknesses or the
internet of vulnerabilities.
Quite often, the biggest threat comes from inside a business, where poor internal controls and
dangerous internal practices are the Achilles’ heel of many companies.
For example, a study last year that analyzed 10 million leaked passwords
found that 17% of accounts sampled were secured with the password “123456”.
This all goes to demonstrate how much IT security is a make-or-break business issue.
Traditionally, companies, government departments and security agencies have treated this area
as a matter for their IT department. It requires a leader who reports directly to a senior
executive, if not directly to the board itself.
The specific job title of this individual is not important; what matters is their ability to bring key IT
security issues to the C-suite directly with clarity, authority and sufficient gravitas to help the
management team think through and discuss how security affects every single business
decision.
Effective cyber security leaders are those who can demonstrate the linkages between security
and the company’s strategic objectives and goals.
45 Cyber Warnings E-Magazine – March 2017 Edition
Copyright © Cyber Defense Magazine, All rights reserved worldwide