Cyber crime is proliferating at an alarming rate – and a completely new approach to tackling it is vital, warns Chaman Salhan, chief executive of legal firm 2ndOpinionNow
The figures are startling. According to a PwC report, the number of large companies experiencing cyber breaches in 2015 rose to 90 per cent from 81 per cent the previous year (the figure for smaller enterprises was 74 per cent, as compared to 60 per cent in 2014).
The 6.4 billion connected objects in use this year will rise to 20.8 billion by 2020, according to Gartner – news which came in the wake of an FBI public service announcement, issued last autumn, warning of the Internet of Things’ potential as a serious cyber security threat. The cost of being a victim is also rising, not just in terms of reputation and resources but revenue too (proposed EU legislation is set to impose fines of up to five per cent of global turnover as punishment for violations).
And yet, when it comes to cyber security, obliviousness, misunderstanding and denial still reign supreme: so much so that almost a third of businesses – 32 per cent – have not undertaken any form of security risk assessment. So rife is ignorance on the subject, the popular consensus remains that cyber crime is all about stealing money: what people, including business leaders, don’t realise is that the main target these days is information – pricing structures, client lists, strategy reports, various trade secrets. Even more alarmingly, criminals are pilfering this stuff to order.
Emails alone contain a wealth of this data. Think what access to the complaints a business has received could be worth to the right bidder? Or the damage emails showing that a company’s insurance premiums shot up because of potential product failure, or that an advisory firm had been reported to their professional body, could do? Imagine what a recruitment firm’s rivals might pay for its list of potential candidates for placement – and, crucially, the package they intend to offer them? Think what a lucrative ruse it is these days for a dubious customer to spoof a “free WiFi location” in a restaurant, then syphon off company pricing structures, client lists and strategy reports at will from surrounding devices. All of this is why data is the main commodity in this shady underworld. Thousands upon thousands of data breaches are happening without business leaders even knowing about them.
Protect your business
So what can be done? Nearly all of the players out there operating in the cyber crime milieu are coming at the problem from one of two perspectives. You’ve got the insurance company viewpoint: “Cyber crime’s a problem, buy yourself a premium against it.” Then you’ve got the cyber crime protection industry, which is saying: “We can help you with penetration, volatility or probability testing, firewalls and so on.”
But everything on that market is all about retrospective action – measures that tackle the methods which the criminals have long since discarded. This is why IT departments spend vast amounts of money on firewalls and so on which are not effective. In most cases, the proverbial horse has already bolted.
There needs to be a third way: one which involves giving business leaders a thorough, industry-specific and constantly updated education as to the criminal activity. I’ve been a serious fraud supervisor for the Legal Services Commission, and this kind of experience is requisite to telling people what’s going on out there, as is a solid network – we have access to over 10,000 lawyers worldwide. Based on that experience, we’re informing leaders that this is what the criminals are doing, this is how their nefarious activities are specific to you, these are the ways in which you’re vulnerable, this is what to do about it – and we’ll keep you up to date regularly.
We educate people on what imminent threats might be lurking, with a bespoke approach based on the client’s industry, commercial circles, existing resources, operations and so on. In tandem with our IT specialist partner LAN2LAN, we also offer specialist legal knowledge through a dedicated point of contact 24/7, so that subscribers can seek expertise on any specific problems, such as suspect transactions, as and when they arise.
Workable solutions won’t be found without a full understanding of the problem. Our goal is to furnish clients with that vital awareness. Because in the world of cyber-crime combat, the phrase “knowledge is power” has an altogether more resounding ring of truth to it.
Worried about cyber crime and need expert legal advice?
020 7936 3177
Chaman Salhan is a member of IoD Central London