Forewarned is forearmed in war on cyber crime
In 2011, the World Economic Forum cited cyber attacks as one of the top five threats, and even highlighted the danger that governments and businesses are underestimating the risks.
In China, a large number of e-commerce companies, including those in online shopping, micro-blogging, social networking and online gaming, had their websites compromised late last year, and information from millions of customer accounts was leaked.
Since those incidents, a number of affected e-commerce companies have issued public apologies and urged customers to change their passwords immediately. However, since people often employ the same user names and passwords for accounts across multiple websites, a portion of them may still be at risk of having their account information compromised.
Mobile devices and mobile apps represent new chances for firms to increase employee productivity and customer interaction, but there are inherent risks associated with these new tools.
From the work that we have done concerning mobile apps, we have seen serious security flaws in leading mobile apps. Social engineering, which is the act of using clever techniques to trick people into divulging confidential information about their personal lives or their employers, is prevalent on social networks. Cyber security is still seen as an IT issue, with a communications gap between business managers and security teams. To overcome cyber security challenges, executives need a different mindset - one that ensures cyber awareness and responsiveness are infused into every employee, every decision and every interaction.
According to the latest PwC Global Information Security survey, a large percentage of respondents agree that one of the most dangerous cyber threats is the "advanced persistent threat" or APT attack, which usually refers to a group of highly skilled individuals with the capability, resources and intent to persistently and effectively target organizations with high-value information.
New thinking
To address these new threats, many organizations will need to transform the way they think and make decisions in the cyber world. There are five key factors that businesses should consider:
1. CEOs and senior executives will need to have a better understanding of the threats from the cyber world. The leadership of a cyber-savvy CEO and top team will enable the whole organization to pursue opportunities in a secure and sustainable way.
2. Organizations already have IT security functions that may be doing a good job in protecting against traditional threats. As new risks emerge, the focus needs to turn to upgrading and continuously transforming existing capabilities.
3. Many businesses already have an incident response team, but the speed and unpredictability of cyber threats mean procedures need to be adapted, in order to enable information and decisions to flow more quickly up, down and across the business, from board level to IT and business operations, and sometimes to and from other organizations.
4. Recruiting and retaining people with relevant cyber security skills is important. Given the limited supply of such experts, employers must find new ways of attracting and keeping these people.
5. A more active, transparent stance needs to be taken toward cyber criminals. They must be pursued more aggressively through legal means, and more needs to be done to communicate with the public about their activities. Cyber forensic specialists should be employed to help detect possible breaches and retain proper evidence.
Kenneth Wong is a partner with PwC.
Copyright © 1999- Shanghai Daily. All rights reserved.