FANews
FANews
RELATED CATEGORIES

The ugly truth about the connected world

14 February 2019 Myra Knoesen

Research from Juniper Research, suggests that the rapid digitisation of consumers’ lives and enterprise records will increase the cost of data breaches to $2.1 trillion globally in 2019, increasing to almost four times the estimated cost of breaches in 2015.

The research, entitled ‘The Future of Cybercrime & Security: Financial and Corporate Threats & Mitigation’, found that the majority of these breaches will come from existing IT and network infrastructure. While new threats targeting mobile devices and the IoT (Internet of Things) are being reported at an increasing rate, the number of infected devices is minimal in comparison to more traditional computing devices.

The report also highlights the increasing professionalism of cybercrime, with the emergence of cybercrime products (i.e. sale of malware creation software) over the years, as well as the decline in casual activist hacks. Hacktivism has become more successful and less prolific – in future, Juniper expects fewer attacks overall, but more successful ones.

According to the report the average cost of a data breach in 2020 will exceed $150 million by 2020, as more business infrastructure gets connected.

Cyber threat landscape

FAnews spoke to Junaid Amra, Associate Director, PwC Forensic Services about the cyber risk landscape.

According to Amra the cyber threat landscape is a rapidly evolving space. “A key factor in this regard is the dependency and high adoption rate of technology across industries and in our personal lives.” 

“Based on our Global Economic Crime Survey conducted in 2016 we found that 32% of South African organisations who participated in our survey had been victims of cybercrime. Also based on the type of investigations we are seeing at the moment it is apparent that all industries are being affected by cybercrime – it is not only confined to the financial services sector,” continued Amra. 

“In terms of losses at a global level as per our Global Economic Crime Survey, 3% of respondents that were victims of cybercrime had experienced financial losses greater than $100 million. Again, a sobering statistic is that 14% of respondents don’t know or were unable to quantify their financial losses even though they had been victims of cybercrime,” said Amra.

Legislation and the sea of data 

When asked what the implications are of outsourcing data processing to cloud providers and the growing use of personal devices to conduct business Amra said, “There’s pro’s and con’s to both these areas. However, the key point is that organisations need to weigh these factors in their context, considering the criticality of the information being stored on these platforms, the implications if issues are experienced, compliance with privacy legislation across territories they operate and how these risks will be managed.”

When asked how legislation and regulation should apply to the seas of data that constitute the heart of the new digital economy Amra said, “We are seeing countries already adopting various legislations in an attempt to regulate this space. Globally privacy legislation is in place in a number of countries, the South African equivalent of this is the Protection of Personal Information Act (PoPI). This will go some way in driving the manner in which technology is deployed where personal information is involved even though the Act is much wider than this. One of the key aspects of this is that organisations will need to disclose to the Regulator in the event of a breach where personal information was potentially compromised. In addition, the Cybercrimes and Cybersecurity Bill will strengthen law enforcement agencies’ capabilities to prosecute in cybercrime matters.” 

Reducing cyber vulnerability  

In reducing cyber vulnerability Amra said at an organisational level some basic elements which need to be considered are: 

  • Executive training and awareness around the subject, especially in the context of their organisation;
  • Implementation of a cyber security strategy that is built on an understanding of the threats facing an organisation based on the technology they deploy and utilise;
  • Up-front due diligence on business partners and third parties who the organisation will interact within the cyber world;
  • Address risks associated with operational (non-financial) systems;
  • Another key risk often ignored is ensuring that all new technology undergoes appropriate security reviews by qualified experts in that particular area – generic work programs and methodology can no longer be used in reviewing the complex technology organisations are deploying. And, last but not least;
  • Address lingering audit issues which we are well known but have not been addressed. Also, it is key for audit committees to revisit technology risks which were previously accepted by the organisation – technology has moved rapidly over the last few years, some of the risks which we previously accepted are no longer acceptable in the current context.

Editor’s Thoughts:
Unfortunately, cybercrime, like any other crime, is here to stay. The risk landscape for businesses is substantially changing. Don’t wait for law enforcement to come knocking at your door. Even though it is not possible to mitigate risks, they can be managed with the right strategies in place. Please comment below, interact with us on Twitter at @fanews_online or email me your thoughts myra@fanews.co.za.

Comment on this post

Name*
Email Address*
Comment
Security Check *
   
Quick Polls

QUESTION

Is 30 the new 65?

ANSWER

Yes, it is becoming inevitable that retirees need to save for a 30 year time horizon when it comes to retirement
No, why change a model that has been working for many years
At least if a retiree reinvests their pot of cash compound interest will resolve the longevity problem
A E fanews magazine
FAnews August 2019 Get the latest issue of FAnews

This month's headlines

Create designer policies through AI
Are advisers in a precarious position?
A claim, COIDA and a dog bite
Non-disclosure never an innocent fraud
Prescribed assets: The threat to pensions
Cannabis and the issue of trust
Getting the most from disability claims
Subscribe now