9:06am UK, Wednesday June 01, 2011
As the second global Cyber Security Worldwide Summit starts in London, William Beer, director of information security services at accountant PwC, underlines the importance of tackling online security.
William Beer: Any reputation damage is ‘very hard to repair’
Those that underestimate the cyber security risk do so at their peril.
And with IT security experts from across the world congregating at the Cybersecurity Worldwide Summit in London this week, it’s an opportune time to discuss the global cyber threat.
To date, the industry’s response has been very strongly biased to improving protection, reducing risks and mitigating issues by further investment in technology. In essence, the industry is solving what is perceived to be a technical issue with a technical solution.
But technical solutions are too frequently being prescribed for people problems. Although technical defense is vital, and without security technology our systems and networks would be vulnerable, systems are inherently vulnerable to both negligent and malicious acts. There is always a human element; negligence, ignorance, confusion, anger or even curiosity can give rise to incidents.
The reality is that financial losses due to cyber-crime are continuing to grow despite major steps forward in technical defenses like firewalls and anti-malware. Credit card and online fraud are on the increase while identity theft has become an everyday problem.
Often, such breaches are the result of simple human error, in which case no technical defense could have prevented the inadvertent loss or disclosure of valuable data.
What is required is a new approach in which an investment in understanding and influencing the behaviors of all those concerned is balanced against the continued investment in technology and processes. Investment in security awareness pays for itself many times over.
Furthermore, efforts to tackle the risk of security breaches are often undermined by a potentially damaging breakdown in communication between the key stakeholders in any organization: they rarely speak the same language.
Instead of working together toward common goals, different parts of the organization often fail to understand—or even respect—each other's roles.
The cost of rectifying problems after a data breach can be immense – and often surpasses the amount that, if invested wisely, could have mitigated the risks.
The reputation damage to any organization – public or private, large or small – that demonstrates an inability to protect personal and financial data is very hard to repair and in many cases has put an organization's license to operate at risk.
It will take all teams within an organization to sustain a meaningful dialogue. Similarly, it will take regulators, governments, businesses, and technicians across the globe to come together to answer the threat at an international level.
William Beer, director of information security services, PwC.