The document discusses the challenges of cybersecurity in today's data-driven age. It notes that the rapid growth of technology and data has created significant challenges for data security and regulatory compliance. Additionally, as organizations adopt more sophisticated digital business models, the board's need for assurance around data access and security increases. The document outlines some of the key challenges in combating cybercrime, such as consumers and SMEs not fully comprehending the threat or how to defend against it. It also notes that increased regulation around data protection and privacy adds further complexity, highlighting the importance of transparency and education.
2. Wilton & Bain and Kaspersky Lab were
delighted to host a lively, informative and
convivial evening to discuss the challenges of
Cybersecurity in today’s data age. We were
joined by Paul Johnson, CIO at Aldermore,
one of the UK’s foremost challenger bank
success stories, who provided an insight into
the challenges faced by industry.
“Cyber threats are a
plague that respect no
national boundary,
corporate or institutional
fortress or any definition
of privacy”
Piers Marmion, Chairman,
Wilton & Bain.
3. Paul confirmed that the rapid evolution of technology over the
decades, and the exponential explosion in the quantity of data
generated, shared and stored, has created significant challenges for
data security and given rise to onerous regulatory requirements. The
juxtaposition of managing this risk, while striving for agility and
innovation, is a modern-day organisational challenge.
As organisations mature from basic e-commerce offerings to more
sophisticated digital business models, and ultimately the advent of
robotics, the Board’s need for assurance around access control and
data security grows. In order to move along the digital maturity
curve, securing revenue streams and differentiation through digital
channels will require an aggregation of services, which do not
typically reside within traditional business models.
Risk vs. Agility
4. The amorphic nature of malware and ransomware,
some random, some targeted, some highly
sophisticated and some crude, requires constant defence.
The need to understand where your data is coming from
and going to requires wider assets than most internal
organisational resources can provide.
Staying secure will necessarily require expert assistance
best delivered through trusted partners. The strategic
role of the CIO must ascertain what services and
expertise are required in order to balance the security
risk without destroying innovation.
The Role of the CIO
5. Sergei Novikov, Head of R&D at Kaspersky Lab, reiterated that the
threat landscape is becoming more pervasive and sophisticated. Both
the number and the complexity of incidents for individuals and
enterprises are growing, not least with the increase in the use of
personal devices and cloud services, which are easier to infiltrate. The
targeting of cyber attacks is also becoming more sophisticated as high
profile attacks on critical infrastructure are more commonplace.
However, the exact scale of the problem is difficult to quantify as
many attacks go unreported for fear of reputational damage. One
estimate suggests the annual cost of cybercrime could be as high as
US$575bn (McAfee, 2014).
The Cost of Cybercrime
6. There are a couple of key challenges in combatting cybercrime.
Firstly, consumers and some enterprises, particularly SMEs, do not
fully comprehend the nature of the threat and therefore how to defend
themselves appropriately. Secondly, there is a global shortage of
cybersecurity expertise to fight against malware players who are
increasingly sharing their products to extend their reach.
The first step must be education and raising awareness levels. For
organisations, the weakest point will always be the employees.
Policies need to be dynamic and constantly communicated. CIOs have
a responsibility to own and mitigate the risk by implementing the best
available technologies and solutions. This is no substitute for driving
a culture which behaves in an informed, cyber-secure way.
The Challenges - Awareness
7. The challenge of increased regulation around how businesses are
allowed to handle personal data (GDPR) elicited interesting debate
on the topic of who actually owns personal data, an issue made more
complex by the adoption of IoT. How an organisation handles
personal data is an intrinsic element of the relationship between a
company and its customers. Transparency is key to building trust
with consumers.
Younger generations don’t seem to show any particular concern for
who sees their personal data and have a similar disregard for
protection. This provides easier access for cybercriminals and
weakens the entire data ecosystem. Conversely, older generations can
be ostracised from goods and services through a lack of
understanding of technology, and over-concern over the use of their
personal data. Again, education and awareness are paramount to
building a common-sense-based, pragmatic and secure approach.
The Challenges - Regulation