According to the BAE Systems Applied Intelligence 2014 study titled Business and the Cyber Threat: the Rise of Digital Criminality, 69 per cent of respondents said their critical operational systems represent a very significant or significant risk to their organisation. 84 per cent of respondents worldwide said the number of cyber attacks will increase.
It is little wonder, then, that management and Boards have become more aware of the risks of cyber crime, fearing threats like loss of customer data and intellectual property. However, the same BAE Systems Applied Intelligence study found that 28 per cent of US companies and 30 per cent of Canadian companies surveyed do not have, or are not aware of having, crisis plans in the event of a cyber security attack.
With the number and variety of threats growing daily, and the cyber criminals becoming more sophisticated, it can be difficult for organisations to know where the next threat is coming from, let alone how to protect against it.
To help understand where cyber threats are emerging, BAE Systems Applied Intelligence has identified three major cyber security trends for CEOs to be aware of and factor into their strategy and planning:
1. Fragmentation of cyber criminal activities will pose new challenges to detection and investigation
The past five years have seen an increasing industrialization of the cyber criminal marketplace. Specialisms such as malware authoring, exploit kits, spamming, hosting, money muling, and card cloning are becoming miniature markets of their own. Crime as a service is a reality, lowering the barrier to entry for budding criminals and fueling the growing threat, year after year.
This will present a greater challenge for companies who will need to find ways to drive efficiency and automation into their ability to detect and disrupt these activities. Companies will need to remove silos between risk, compliance and information security departments – when these departments work more closely together, they can combine their detection capabilities and strengthen the organisation’s security posture.
2. The next industrial revolution will be accelerated by built-in security
The Internet of Things (IoT) will be one of the most disruptive forces in the coming generation. It is expected to precipitate the next industrial revolution whereby automation and orchestration of many tasks in manufacturing, retail, transport and the home lead to greater efficiency and massive productivity gains.
The IoT seems unstoppable and security professionals are concerned about the systematic risks of greater connectivity. They are also concerned that connected machines such as cars and medical equipment can present a threat to human life.
We should now be seeing an increased focus on building in security-from-the-start for the next industrial revolution; security professionals must find solutions for protecting critical systems and national-scale infrastructure. They will look at techniques such as segmenting high-value systems away from high-risk activity, whilst retaining connectivity and trusted data flows.
With a broader attack surface stemming from greater use of connected networks, it is likely that criminals, activists and spies will continue to penetrate networks. To realize the benefits of broader connectivity, organisations must find a balance between limiting the potential impact of attacks and enabling the myriad of advantages connectivity brings.
Rather than being an impediment, good security can actually speed up the realization of this next industrial revolution.
3. Commercial espionage and infocrime will continue to grow through cyber
Espionage and infocrime are increasingly effective ways for cyber criminals to achieve goals including sabotage, market manipulation, and rapid advances in capability without incurring the time or cost penalties of research and development.
Competitive advantage and trust relies on a system’s security and on having the right information and data; the future belongs to those that control the information.
The business ramifications of cyber security breaches are significant and not limited to disabling IT systems. Businesses can suffer significant financial loss and reputational damage, making cyber security a top-of-mind concern for business leaders and Boards. This means responsibility for IT security must not rest with the IT team but be shared throughout the entire organisation via a top-down cultural imperative. By doing so, organisations are more likely to be able to protect themselves from attack.
Rajiv Shah is regional general manager at BAE Systems Applied Intelligence. He has more than 16 years’ experience in the technology industry, working with commercial and government sector customers to design and implement leading edge information intelligence solutions which help organisations in the hyper-connected world to protect and enhance their critical assets.
