Is your IT Department Fighting Fit?
IT budgets seem to be on the rise. But what exactly is your firm spending its money on? For financial firms, the rise in cyber threats may have you rethinking your spending patterns…especially if you want to make sure your department, and firm, is fighting fit.
The recently released survey, Executive Perspectives on Top Risk for 2013 (by global consulting firm Protiviti and the Enterprise Risk Management Initiative at North Carolina State University’s Poole College of Management), explains that while technology can make life easier, it can also be a threat: “Technological innovation is a powerful source of disruptive change of which no one wants to be on the wrong side. Cloud computing, social media, mobile technologies and other initiatives to use technology as a source of innovation and an enabler to strengthen the customer experience present new challenges with managing privacy, information and system security risks.”
Indeed, embracing new technologies could provide a welcome economic improvement to Europe. The EU recently released its report, “Cybersecurity Strategy of the European Union: An Open, Safe and Secure Cyberspace”, which notes that by completing the Digital Single Market, Europe could boost its GDP by almost €500 billion a year; an average of €1,000 per person. However, for new connected technologies to take off, including e-payments, cloud computing or machine-to-machine communication, citizens need trust and confidence. Unfortunately, a 2012 Eurobarometer survey showed that almost one-third of Europeans are not confident in their ability to use the internet for banking or purchases. An overwhelming majority also said they avoid disclosing personal information online because of security concerns. And across the EU, more than one in ten Internet users has already become a victim of online fraud.
ENISA (European Network and Information Security Agency) has also just launched a new report looking at Cloud computing from a Critical Information Infrastructure Protection (CIIP) perspective, identifying that Cloud computing is critical given the concentration of users and data and its growing use in critical sectors, such as finance.
In a few years, a large majority of organisations will be dependent on Cloud computing; large Cloud services will have tens of millions of end-users. What happens if one of these cloud services fails, or gets hacked?
“From a security perspective, the concentration of data is a ‘double-edged sword’; large providers can offer state-of-the-art security, and business continuity, spreading the costs across many customers. But if an outage or security breach occurs, the impact is bigger, affecting many organisations and citizens at once,” Dr Marnix Dekker of ENISA says.
These figures and growing concerns are startling, but perhaps could have been predicted. In its 2012 “Fighting Economic Crime in the Financial Services sector” report, PwC says that cybercrime accounted for 38% of economic crime incidents for financial services organisations around the world in 2011, the second most common type of economic crime for such firms (it accounted for only 16% for other industries). Moreover, firms don’t all seem to have a comprehensive plan in place to deal with cybercrime, despite its large presence: PwC found that only 18% of financial services respondents said that they had in place all five incident response measures specified in the survey (in-house capabilities to prevent and detect cybercrime; shut down procedures; media & PR management plan; in-house capabilities to investigate cybercrime; and access to forensic technology investigators).
PwC says: “It appears that some [financial services] organisations are complacent about the risks that cybercrime poses, in spite of serious concerns about potential damage arising from cyber threats.”
So, what can IT departments do to combat this growing threat? Obviously, having the proper technology and security measures embedded in your routine procedures is vital, as is ensuring a cyber crisis response plan is in place. However, although cybercrime is often viewed as an IT issue, it really stretches across the whole organisation. This may mean working with other teams and departments to raise awareness, train employees on the issues/risks, and ensure senior management recognises the problem/risks and is capable of handling a crisis, should one occur. In other words, to be fighting fit, think outside the ring.