Cyber security becomes non-negotiable in the modern business environment
Transcendence is a theory whereby fictional theories transcend from their world of existence into reality. We have already exposed this when we pointed out how Science Fiction has influenced the development of many technological advancements we enjoy today. This is still being done in the medical field where scientists are exploring the possibility of designing medication which will allow people to live longer.
But nowhere is the transcendence theory more evident than in the world of technology. It seemed ludicrous in the past that a computer would have the ability to change the world, yet almost every aspect of our lives is currently being controlled by computers. This is the reality that we live with.
While this has opened many doors for entrepreneurship and global trade, one of the risks it creates is cybercrime, which is a modern risk factor that companies need to protect themselves against in the digital business environment.
The true extent of the risk
The risks of this have been explored by many media forms, but have been dismissed as an over exacerbated look at what the worst case scenario would be if such an attack ever occurred. The general consensus though was that the likelihood of this happening is very remote.
However, we are not aware of the true extent of the risk. A recent report released by Zurich Insurance shows that data breaches are today's top concern and a serious risk. 2013 was the worst year thus far, with 740 million data files potentially viewed or stolen worldwide.
Axel Lehmann, Zurich Group Chief Risk Officer and Regional Chairman Europe, says that governments and forward-looking organizations need to take a holistic view and look beyond these issues to broader risks, including the increasing danger of global shocks initiated and amplified by the interconnected nature of the internet.
"The internet of tomorrow will both initiate and amplify global shocks in ways for which risk managers, corporate executives, board directors, and government officials may not be adequately prepared,” says Lehman.
As the world moves towards a paperless society where all documentation is kept on computers, and stored on the cloud where you are unsure where the information sits, risk becomes a serious consideration. Intermediaries run the risk of having clients information accessed and possibly manipulated if it is not stored in a safe and secure manner.
Learning from our mistakes
Most of these attacks are aimed at destabilising governments or defrauding companies and individuals. Both motives are aimed at the financial services sector, and the world cannot afford to face another financial crisis that it did in 2008. With this in mind, industry participants need to find out what can be learned from the recent financial crisis.
"Prior to the financial crisis, risks were assessed by financial institutions individually. For example, a bank with significant exposure to certain risks – such as those associated with a large portfolio of sub-prime mortgages – might have had to set aside a reserve and perhaps expect to have a bad quarter or two if the underlying risk led to a meltdown. There was little assessment by either regulators or the market participants themselves of the complex interconnections among the financial risks of different institutions. The resulting shock started with those who made the riskiest decisions, but soon cascaded to everyone, even those who had invested wisely and conservatively,” says Lehmann.
He adds that not only were the chances for a cascading catastrophe widely ignored, but many experts insisted at the time that the system was sufficiently diversified so that linkages between risks were impossible.
"The system's very complexity allowed risk to be spread to those most willing and able to deal with it. But it was this complexity, magnified by attendant lack of transparency and limited understanding, which contributed to the ultimate crash of 2008.”
If one looks at this in the South African context, a major reason why we were protected from the full effects of the crisis was the fact that government introduced the National Credit Act which made it hard for certain people to access credit. However, international approaches to crisis' does affect South Africa as we do adopt international best practice principles.
With the imminent establishment of the Twin Peaks model of industry regulation, companies need to become more vigilant towards the possibility of cyber-attacks as they will be held more accountable for their actions.
Ignorance is not an excuse for innocence
One aspect which has been made very clear by the Financial Services Board and the offices of various industry watchdogs, is that ignorance can no longer be used as a valid excuse for innocence. A number of key rulings by the Financial Advisory and Intermediary Services Ombud have gone in the favour on complainants because brokerages did not have sufficient mechanisms and procedures to combat fraud enacted by unscrupulous brokers.
Investing in systems and processes to combat this may come at a cost, but it is better than facing a determination by the Ombud.
This is also apparently rampant in society. Lehmann points out that both financial sector and cyber security risks are passed along to others to become concentrated in places far removed from the companies or entities where the risks originate. "Because the system has been incredibly resilient for several decades, the underlying expectation is that it will stay safe indefinitely, a belief that is often most pronounced among professionals who are part of the system.”
Editor's Thoughts:
The risk of cyber-attacks was blatantly illustrated in 2013 when a number of US media agencies were hacked over reports about Chinese issues. This shows that companies are not infallible and that protection methods need to be employed in order to prevent these attacks from happening. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts jonathan@fanews.co.za.
