• Gary Wright, C.E.O. at B.I.S.S. Research


• 16.06.2015 01:00 am
Cyber crime , security

At todays Innovation Finance event that was wonderfully attended and organised the topical issue of Cyber crime was presented. It amazed me that there are so many new vendors producing imaginative system solutions that cover cyber crime protection and prevention.

One thing that came over relentlessly during all the presentations was that anyone and everyone is open to cyber crime and the question is only when it will impact you not if.

It was made clear that firewalls alone offer very little protection and even sophisticated technology will not prove long standing security. A few presenters that are expert in ethical hacking gave very concerning scenarios how easy it is to get into virtually any organisations systems.

So what to do if your a Bank just hit with a huge fine?

Regulators and banks tend to operate in a tick in the box type check to see if the organisation is doing all it can to be protected. However in truth this will never be sufficient.

The number od cyber attacks is increasing exponentially year on year and with the growth of social networks and the range of mobile devices this cyber challenge will be with us for quite some time.

The solution is not just technology although this will naturally feature high on the protection list. Controls over attachments and innocent clicks on what appears to be an in-house communication will also be part of  security measures. This entails staff training and awareness from top to bottom in all organisations.

Cyber attacks can come from innocent sources in an organisation inadvertently opening up the side door for the hacker to do their deed. Firms need to have an integrated security policy that sensibly allows access to the internet but by people that understand the threats and backed up by technology aids.

The cost of cyber crime is going through the roof as is the security measures and the sanctions for failures. There is no alternative for Banks to introduce as stringent as they can procedures and systems that remain up to date and vigilant to the latest attacks. This will come at a high cost but at least no higher than being vulnerable and open to the hacker.

Employing ethical hackers looks a decent remedy that banks should deploy as part of their overall strategy.

Its a sobering thought that in the current generation of ten year olds we teaching programing and they all know how to hack. To date they might be tempted to hack out of some perverse  challenge and pleasure but not realise that to do so is a criminal act. They need to be trained into the ethical expectations and consequences of gaining this knowledge and skill. Perhaps creating ethical hacking as a career move might be the way forward?