Data/Cyber

Fifth column risks rise - EY

BY Richard Summerfield

Cyber breaches and the threat posed by malicious insiders are two of the biggest risks driving investment in global forensic data analytics (FDA), according to a new report from EY.

EY's 2016 global forensic data analytics survey, ‘Shifting into high gear: mitigating risks and demonstrating returns’, notes that insider threats in particular pose the biggest risk of organisations becoming victims of fraud, corruption or data loss. The most prominent forms of insider threat, according to respondents, include malicious insiders stealing, manipulating or destroying data.

The survey questioned 665 executives globally across a wide range of industries including the financial services, life sciences, manufacturing and power and utilities sectors. From the available data, it is clear that concerns around cyber security are helping to crystallise opinions across industry boundaries; indeed, companies are turning to FDA to try to counteract cyber threats.

Companies have been spurred into action by increasing activity among cyber criminals as well as aggressive regulatory pressure. Rising demands from both governmental bodies and the general public are driving much of the investment in FDA, notes EY. Forty-three percent of respondents claimed regulatory pressure was one of the main driving forces behind their FDA investment, second only to the burgeoning threat posed by cyber crime.

Of those executives surveyed, 44 percent reported an increasing level of concern over “bribery and corruption risk” while 62 percent noted an increasing concern over “cyber breach or insider threat”.

Given the recent spate of major, headline-grabbing cyber attacks, it is little surprise that breaches are weighing heavily on executive minds the world over. As companies take steps to protect their physical and digital assets from internal and external threats, FDA will continue to play an important role in helping them navigate such risks. Given the size of the fines and sanctions imposed on companies and individuals in recent years, c-suites are understandably concerned about regulatory enforcement around cyber risk.

With the c-suite increasingly worried about the threat of cyber risk and malicious internal actors

Many companies have been pouring considerable resources into bolstering their FDA efforts in recent years. Spend is expected to continue throughout 2016. In 2014, 64 percent of those surveyed believed that their investment in FDA was adequate, while in the latest survey only 55 percent felt the same. Furthermore, three out of five respondents said they intend to increase their FDA spend over the next two years.

Report: Shifting into high gear: mitigating risks and demonstrating returns

Cyber jobs boom

BY Richard Summerfield

Thanks to the increasing sophistication of cyber criminals and the technological weapons available to them, instances of cyber crime and terrorism have increased exponentially in recent years.

Though firms have been aware of the nascent threat of cyber crime for some time, many of them are largely unprepared to tackle the problem. However, with more and more high profile cyber breaches occurring, firms are beginning to fight back.

Organisations worldwide are looking to bolster their cyber security defences, and though the demand for competent and effective cyber security professionals is high, there is still a serious skill shortage. In the US alone, more than 209,000 cyber security jobs are currently unfilled, and job postings for cyber professionals are up 74 percent over the past five years, according to a 2015 analysis of Bureau of Labor Statistics data by Peninsula Press.

Globally, the figure for cyber security job openings is believed to be around one million, according to a new report from Cisco.

Cisco’s report notes, however, that the hiring of a raft of new cyber security officials should form just part of a wider cyber response plan. The report recommends that all organisations establish a separate security incident response team. The importance of this response team is likely to increase as organisations become more reliant on technology.

The Internet of Things (IoT) will also have a profound impact on the way companies conduct business. With the IoT security market expected to grow from $6.89bn in 2015 to nearly $29bn by 2020, the opportunities for cyber security professionals in the near future will be plentiful. As more connected or smart devices find their way into our personal and professional lives, the size of the market will grow exponentially.

However, the growth of IoT will present a number of challenges in the years to come. Organisations will need to marry IT and operational technology, in turn giving adversaries new targets such as vehicles, buildings and manufacturing plants, according to Cisco.

Moving forward, the report recommends that companies look to appoint a varied and diverse set of cyber security professionals. The modern chief information security officer should have at her disposal skilled security professionals covering a range of areas. This is particularly important given consumers' growing awareness of cyber and data security issues.

Report: Mitigating the Cybersecurity Skills Shortage

NYC banking regulator reveals cyber security guidelines

BY Richard Summerfield

Unless you have been living under a rock for the last few years, it will not have escaped your attention that instances of cyber crime have become increasingly prevalent in the business community. It seems not a week goes by without a cyber breach grabbing the headlines along with a swathe of sensitive data.

Various regulatory bodies have taken steps to guide firms through the minefield of cyber security. This week, New York’s leading banking regulator – the New York Financial Department of Services (NYDFS) – became the latest to follow suit. The NYDFS felt motivated to act as, in its own words, it "considers cyber security to be among the most critical issues facing the financial world today".

In a letter to other state and federal regulators, including the US Office of the Comptroller of the Currency and Federal Reserve Board of Governors, the NYDFS revealed details about its potential new cyber security regulations for the banks and insurance companies which fall under its jurisdiction. These regulations could include a requirement for institutions to notify companies of data breaches. "It is our hope that this letter will help spark additional dialogue, collaboration and, ultimately, regulatory convergence among our agencies on new, strong cyber security standards for financial institutions," wrote Anthony Albanese, NYDFS’ acting superintendent.

Organisations would also be obliged to ensure that contracts with third parties included a set of rules designed to keep sensitive data safe, including the use of multi-factor authentication, both internally and on customer log-on pages, and data encryption. Two-step authentication is becoming increasingly popular online. Social media giants like Facebook and Twitter, services such as Gmail, and even online video games now offer multi-step authentication. As such, it seems only logical that financial institutions embrace the technology.

Firms would also be required to appoint a chief information security officer if they do not already have one. The CISO would be responsible for overseeing policy, while cyber security staff would be required to undergo mandatory training.

Under potential new regulations, third-party vendors – such as law firms, data processors and auditors – would also be required to achieve compliance moving forward.

News: NY banking regulator unveils details on planned cyber security rule

Lessons not learned as cyber crime still rife

BY Richard Summerfield

Companies operating in the current business climate face myriad difficulties and obstacles. One of the most potent and potentially damaging of these challenges is the scourge of cyber crime and cyber terrorism.

One need only look at the attacks on Ashley Madison, Sony and Target to see the extent of the financial, personal and reputational damage that cyber crime can inflict on companies and individuals.

Given the size and scale of some of the most recent cyber attacks, it is difficult to imagine companies neglecting their cyber security obligations. However, according to a new report from PwC, nearly 10 percent of UK companies do not know how many cyber attacks they have suffered in recent years.

Furthermore, 14 percent of companies do not know how the attacks occurred. This is particularly disturbing as detected breaches in workplace security systems increased by 38 percent in the past year, according to PwC.

Cyber attacks via mobile phones in particular are becoming much more common. Thirty-six percent of respondents reported an increase in mobile attacks, up considerably from the 24 percent recorded last year. The average cost of those attacks is around £1.7m, the report notes.

PwC’s annual survey took in the opinions of more than 10,000 executives in more than 127 different countries. Much of the damage caused by cyber crime, according to the report, results from the actions of current staff members. Former employees were also a major source of cyber criminality.

But attitudes toward cyber security are changing. According to Dave Burg, global and US cyber security leader at PwC, the survey demonstrated a burgeoning awareness among corporates, many of whom are starting to act and think seriously about cyber security.

“We are seeing an increase in awareness of the risk and opportunities, and more boards are becoming more actively engaged in cyber security preparedness,” said Mr Burg.

Despite the increase in boardroom awareness, more can and should be done at board level. The survey noted that 55 percent of boards do not participate in the overall security strategy. Furthermore, 42 percent of companies do not have an overall information strategy.

Report: The Global State of Information Security Survey 2016

Cyber risks still overlooked in dealmaking

Cybersecurity is now one of the most pressing concerns among the spectrum of risks arising in the M&A process. Intellectual property, operational efficiency, and financial controls are all at stake when companies embark upon a transaction without properly managing this risk. Recent large-scale attacks and the notoriety they have gained may be increasing awareness of these issues, but understanding how best to address them requires expertise that may be lacking among dealmakers.

FW moderates a discussion on cyber-security risks in M&A between Adam Pang at Merrill DataSite, David Stanton at Pillsbury Winthrop Shaw Pittman LLP and Timothy J. Nagle at Reed Smith LLP.

TalkingPoint: Managing cyber-security risks in M&A

©2001-2025 Financier Worldwide Ltd. All rights reserved.