The recent release of confidential US government cables on WikiLeaks has set more than a few companies wondering about the security of their critical information infrastructure and business data. And as the dust of the WikiLeaks saga was only just settling, an international trading platform with high and multiple levels of security was hacked. Since then, few companies can confidently claim they aren’t worried about a potential cyber attack.Download an Insight
With an increasing amount of confidential and sensitive client information on the cloud, most companies of course are justifiably concerned. The impact of a cyber attack or even leakage of important information could be disastrous for the company, customers and shareholders.
The severity and frequency of these attacks is only getting worse, notes the ‘Financial Management of Cyber Risk, An Implementation Framework for CFOs’, ANSI 2010i.
American businesses alone lost over a trillion dollars in intellectual property in 2008 and 2009 due to cyber attacks.
Why worry about cyber security
Hackers have spared few, from energy companies, to financial institutions, news sites, social networking sites and government sites, have all been vulnerable to attack, and the WikiLeaks incident has only proved how high the stakes can be.
- Organizations need to worry about cyber security as an increasing number of vital services are being delivered over the internet, and this holds true not just for the private sector but public sector, government services as well.
- As companies rush to leverage the benefits of cloud computing it is important to remember that a lot of information on the cloud is susceptible to hacking and theft, and needs additional layers of security.
- Social media and the growing uses of mobile devices and networks are only raising more concerns around the daunting issues of privacy and access.
- In a hacking incident it is the intellectual property that is jeopardized and in many cases even lost,. If a company loses its USP, it is a given that it will get marginalized in this highly competitive business environment.
Thus far, technology has helped engineer ways to make life easier and better. The real value of the Web has been towards creating and building networks that disseminate information and facilitate collaboration. Should customers lose their trust in online privacy and security, it would deeply impact the current global network and information exchange, and the associated economic model.
How cyber security affects banking and financial service, health care and energy industry
One industry that has been at the receiving end of much phishing attacks is the banking and financial sector. In fact, 73% of phishing attacks have been on the financial sector in the quarter from April - June 2010ii.
However, things are rapidly changing for sectors that offer critical infrastructure like health care and energy too. Till not so long back many of the systems in these sectors worked in isolation. As information sharing and networking, be it in the health or energy sector, is getting fast, sophisticated and complex, these sectors are experiencing the need to hook up to the internet and this makes them vulnerable. In fact there is mounting evidence that numerous energy companies across the world have been brought to a grinding halt due to cyber attacks.
Insurance plans alone cannot ensure business continuity for all contingencies, particularly those involving cyber attacks and hacking, since these factors erode consumer confidence. It is therefore important to put in place deep and well structured systems that not only help combat a cyber attack from a regulatory perspective but protect against theft of intellectual property as well.
Strong cyber security, need of the hour
As cyber attacks get more sophisticated, organizations need to begin planning on how to address the growing challenge of cyber attacks. These may be carried out by a variety of actors with different motivations, but whether it is a recreational hacker, activist, criminal or a state-sponsored attack, they can all be just as serious with long term consequences.
PricewaterhouseCoopers’ “Global Information Security Survey 2011” points out; those companies following best practices have zero downtime and zero financial impact from cyber attacks. If a company is to effectively deal with a cyber attack it needs to put in place a strong information security program. The program needs to focus on risk management, business intelligence, organization wide integration and should have streamlined automation across the entire organization. Smart private companies are going beyond the call of regulatory requirements and putting in place tighter cyber security systems, and using it as a key competitive differentiator.