[BreachExchange] After high profile cyber attacks at firms like TalkTalk, companies ignore this risk at their peril

[Audrey McNeil]

http://www.cityam.com/238822/after-high-profile-cyber-attacks-at-firms-like-talktalk-companies-ignore-this-risk-at-their-peril

If you found your company to be the victim of cyber crime, do you know who
to call? Would you dial 999? Who would you speak to first – your customers,
or your insurers? You probably have a company plan for the event of fire or
power failure – but do you have a strategy in place to respond to the
fallout from a hack, data breach or cyber ransom? The chances are that you
don’t.

As cyber crime rises up the corporate and political agenda, survey after
survey reveals shocking levels of complacency and ignorance at board level
and among senior managers.

One of the government’s most recent estimates put the cost of cyber crime
to the UK economy at £27bn a year. The sectors most commonly targeted are
software and computer services, financial services, pharmaceuticals and
mining. Espionage and IP theft constitute the biggest risks (in terms of
costs to the economy) but lone wolf hackers and criminal expeditions pose a
huge threat to businesses of all sizes.

High profile hacks (such as that suffered by TalkTalk) can spell disaster
for a company’s share price, customer trust and brand reputation. Arrests
are still being made in relation to that attack, but it appears to have
been carried out by teenagers rather than a sophisticated network of cyber
criminals.

Meanwhile, experts suggest that the vast majority of cyber crimes go
unreported. Often this is down to ransoms – where even businesses such as
private dental practices find that their patients’ data has been accessed
and a cash payment is demanded in order to prevent publication and
subsequent reputational destruction.

Just as a new class of criminals has emerged to take advantage of the age
of data and online commerce, so too has a new breed of business aimed at
defending firms from this most modern of plagues. Crisis communication
consultants, cyber security specialists and former law-enforcement
professionals can command huge fees for cleaning up the damage or beefing
up security.

Undoubtedly, personal and corporate responsibility must feature prominently
in efforts to defend against cyber crime. After all, you wouldn’t leave the
house with the door unlocked.

One thing, however, is for sure: this breed of crime isn’t going away. It
will become more creative and more prolific. Ignore the risks at your peril.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.riskbasedsecurity.com/pipermail/breachexchange/attachments/20160415/dd1fa2cc/attachment.html>