David Ward – Protecting our businesses from Cyber attacks

David Ward, CEO at Ward Security

In his latest blog for infologue.com David Ward, CEO at Ward Security writes: “Cybercrime is a growing threat not only across the UK but across the globe. In a global criminal world, investigations are more complex than ever, with cybercrime-related activity rising by 14% last year. But whilst we consider Cyber as a threat from criminals from afar, we should also be cognisant of threats from Insiders whether that’s malicious or accidental, insiders are capable of inflicting severe loss or reputational damage.

“Cybercrime is essentially any crime that takes place online. While you may initially associate such crimes as being about stealing financial data, it is significantly more complex and more worrying than that.

“Cybercrime is constantly evolving. Businesses and individuals are equally at risk from criminals targeting networks, devices, looking to steal information beyond hacking to gain purely financial benefit. They will steal identities, cyber-stalk, abuse, harass, bully and basically use breaches to proffer from any form of exploitation they can. For example, instances of cyber attacks on critical infrastructure and industrial control systems targeted to disrupt services and the occurrence of “Cryptojacking” where victim’s browsers are hijacked or systems infected allowing them to secretly mine for information are just two of the most popular cybercriminal activities of 2018. Cyberspace is also a key playing field for terrorists, somewhere they collaborate, seek support and plan terrorist activities.

“Cybercrime is not restricted by business size or sector nor is it limited to businesses alone, cybercriminals do not discriminate by geographical location, social demographic, age, or any other preferences which mean being cyber secure and aware is everyone’s business. And, therefore, reasonable to say, it’s everyone’s responsibility to help mitigate against it.

“Yet surprisingly businesses continue to be under-protected. UK Government reported last year that 4 in 10 businesses suffering breaches during 2017 and estimated that 11% of the largest businesses in the UK were underprepared, failing to take action and therefore at high risk of a cyber attack. The National Cyber Crime Centre provides superb advice, guidance and threat updates.

“In the modern business and social environment, the word ‘security’ means two things; physical security and cybersecurity. Businesses and organisations understand only too well that they need to take each aspect of security seriously, but are these two disciplines working together closely enough to protect the data upon which our society and economy is now founded upon

“Our modern society is now entirely reliant on data. From our personal lives to our finances, businesses, organisations and even governments, all exist largely as binary code stored in, and transmitted between an increasing number of data centres around the world. Supply chains are so crucial to everyday business that any disruption can be disastrous.

“We are also increasingly moving towards a ‘cloud computing’ model – uploading our digital lives and economies to data centres and trusting them to both keep it safe as well as making the data available to us wherever we are. We use cloud-based software and applications whereby we don’t own and install hard copies of programs as we did in the past, we effectively rent and use software programs and applications that operate ‘from the cloud’. This is increasingly the case within the business environment.

“When you consider the speed and scale of this transition to cloud computing, it becomes obvious just how much our society now relies on data centres for both storage and distribution of business-critical applications. This makes facilities like data centres incredibly valuable and also incredibly vulnerable to threats such as terrorism and from serious and organised crime.

“Of course, we are months away from the inception and use of 5G infrastructure, which will again transform how we communicate and also how Safer Cities will develop and work. Security challenges posed by the emerging technology, are already under consideration as the cyber world becomes ever more infused with the physical security world.

“It’s a mistake to think of cybercrime as something that happens in isolation in cyberspace. The famous Ashley Madison hacking case of 2015 was, in the view of the company’s CEO, an inside job. “It was definitely a person here that was not an employee but certainly had touched our technical services.” While the hack did not involve an actual data centre, it illustrated the importance of considering real-world influence on cybercrime and cybersecurity.

“Part of the reason why people remain largely ignorant of data centres is that their locations are not publicised, purely because they are indeed so valuable and vulnerable. To give some idea of just how many data centres there are in the world; back as far as 2013 it was estimated that approximately 10% of the world’s total electricity use was used to operate data centres.

“It would be folly to think terrorists and criminals will not at some stage turn their attention to data centres. Their very value as critical hubs upon which our modern digital society is built will inevitably make them targets if they are not already. It is also folly to assume that keeping a low profile and not being noticed is a sensible approach to the physical security of the data centre, or indeed any other sensitive locations. Hence these and other targets are part of the new and emerging Critical National Infrastructure.

“The ‘best practice’ advice that is applied to data centre setup, operation and data recovery approaches needs to incorporate a strong emphasis on physical security where it doesn’t already. This is critical if we are to ensure that as a society our data is defended holistically. Ideally, cybersecurity and physical security should be as closely integrated as possible for corporate businesses whatever industry they are operating in.

“For the cybersecurity industry, this thinking presents an intriguing opportunity to strengthen its offer to customers. For major corporations, the technology of cybersecurity is phenomenally expensive and large firewall solutions can cost tens, if not hundreds of thousands of pounds. Yet that investment is all for nothing if all a criminal needs to do is walk into a branch office of a company that hasn’t invested in adequate physical security, sit at a vacant work station and download data or passwords.

“At the moment, there is not enough of a formal relationship between physical and cybersecurity. But there is some good thinking out there. That’s why Ward Security, as a Corporate Partner of the Security Institute, supported the launch of their new Cyber Convergence Special Interest Group (SIG) in February 2019. This SIG is intended to explore convergence and learning from both physical and cyber security. For instance, can we demonstrate how such convergence, will deal with threat, harm and risk holistically and add value to and not be a draw on the ’bottom line’?

“There is a clear opportunity here for business development that would deliver a more holistic solution to the marketplace. It is one that both industries should be looking to grow.”