Over the past year we’ve seen more businesses fall victim to security breaches. TalkTalk hit the headlines in late 2015 after an attack on its customer records saw thousands of files with personal information leaked. JP Morgan Chase, Target, TK Maxx, Home Depot, eBay — have all fallen victim to cyber attacks over the last two years.
Robert Masse, a partner at Deloitte, said you don’t put measures in place because you might get hacked, you prepare for the fact that you will. "Everyone gets hacked," he said. "We have to change our way of thinking to, ‘When will we get hacked? And how will we recover?’ "
Masse ran a workshop at the C2 conference in Montréal that took participants through the steps of a cyber attack. He also offered useful nuggets on how innovation and cyber security go hand-in-hand when it comes to protecting businesses.
Masse identified the root causes of infiltration as accidental, where things are published by mistake or by human error, hacking, or loss or theft of hardware; the "threat actors" are mainly hackivists; criminal rings; nation-states; insiders; or quite commonly, disgruntled employees.
Here are the top 10 cyber challenges for enterprises:
- Legacy systems that have not been patched or adequately secured
- Operating without central security policies and standards
- Lack of central management and monitoring of critical assets
- Focus has been primarily on looking down the perimeter
- Malware defenses are inadequate to address today’s threats
- Cyber incident response capabilities are basic or nonexistent
- Often ignoring or not considering insider threats
- Siloed operating model: lack of enterprise risk awareness
- Heavy reliance on technology without adequate operational processes and procedures
- Supply chain vulnerabilities are not measured or managed
The impact of cyber attacks is damaging. Consumers lose trust in the business; reputations are left in ruins; and in serious cases, financial fraud has a devastating outcome for consumers — and the business. But although things may be getting worse, businesses are beginning to take action and ensure they have proper response plans in place.
Apart from the obvious resolutions such as encrypting data, securing hardware and ensuring proper procedures are followed, cyber security will come with culture changes in our businesses.