Who's afraid of the Cyber-Wolf?
Written by David Clarke on Wednesday 6 August 2014
When the walls twice came tumbling down around the two little pigs, I imagine they had a brief moment to reflect on their short dancing careers as they dashed to the safety of their brother's safe house with bad old Wolfie's breath bearing down on their hind quarters.
Just as we all brush off a close shave, the playful pigs probably chuckled as they sipped their tot of rum by the fire. Remarkably, even after this near hog roast experience, the handsome piggy wigs probably had no idea that it was not only the walls but the blazing fire their friend had prepared that would defend them from the unwelcome visitor.
The moral behind this classic fable featuring the anthropomorphic pigs is timeless and provides a good depiction of the current attitude of many businesses to the threat from fraud, cyber-crime and corruption.
Your personal data is at risk
I recently spoke about the crime threats to UK businesses at a conference hosted by IT Governance to set out the benefits of adopting the UK government's new Cyber Essentials scheme. The scheme is a health check that ensures businesses of all sizes have implemented "basic" cyber security measures. What was most worrying for me was to hear from the government lead for Cyber Essentials that so many companies (even household names who we entrust with our personal data) have not implemented these "basic" measures and are regularly falling victim to hack attacks.
The consequences of such attacks can be, and are, devastating, with the average loss to a large organisation of its worst security breach being a staggering £450k to £850k. Of course this does not take account of the reputational damage, potential harm to customers whose identities are compromised and fines from the authorities.
The true harm from fraud and cyber-crime is hidden, but what is visible is eye-watering. Estimates suggest that fraud costs the private sector over £21bn a year and cybercrime a further £21bn. Putting this into context, in 2010, the value of the UK's internet-based economy was £121bn. Whichever way you look at it, a loss of £42bn is awful and the prospect that this sum is going to feed the lifestyle of criminals is sickening.
Crime capital of Europe
These disturbing figures show that the beast that is organised crime is truly on the prowl, but like the playful pigs in the fable, many CEOs and entrepreneurs are simply not prepared for the threat.
What is the threat from organised criminals? Well, according to Europol there are over 3,600 organised crime groups active in the EU and they are exploiting the economic crisis; laundering money; trafficking people and drugs; counterfeiting passports and using the internet to facilitate serious crime. Worryingly, of the 600 major investigations being pursued by Europol, half have links to Britain. That would mean around 1,500 gangs are currently targeting the UK. The respected think tank RUSI says this makes the UK in line to become the crime capital of Europe.
Yet the streets in Britain are calm and not like some lawless town from the Wild West. So where are all those organised gangsters, the wolves that prey on the weak? The answer is the serious criminal is feeding his hunger with a complex diet of fraud and cyber-crime. Moreover, he or she has mastered the art of disguise. Meet the sophisticated Cyber Wolf in chic clothing. Like handsome Mathew Ames, the 38-year-old conman who fooled the brother of the Duchess of Cambridge into promoting his bogus rainforest Ponzi scheme that stole £1.6m from investors without planting a single tree. Mathew is one of the cocky, less clever villains who didn't cover his tracks.
A filthy trade
The real human cost and level of damage to legitimate business as a consequence of cyber and financial crime is often as elusive as the scale of the financial losses. What is known is that it is dirty and must not be given an air of respectability by referring to it as a white-collar crime. It is a filthy trade that transports and sells human beings; makes people dependent upon drugs; steals identities; and intimidates and lures once noble employees into crime. At the corporate level the organised criminal can drive an honest company out of business with a barrage of electronic attacks or the flow of dirty cash into the tills of a bogus competitor.
This is a global problem and the good news is the UK is a pioneer in the field of prevention and enforcement. Security services and law enforcement agencies across the country and internationally are working together to protect citizens and organisations with new resources and initiatives such as the Cyber Essentials Scheme.
The police and authorities are raising their game and now it is the duty of business leaders to get their vulnerable houses in order. Cyber Essentials provides the assurance to companies and their customers that the firm has the basics in place, such as firewalls and patches. These are the bricks and blazing fire that ensure the Cyber Wolf doesn't simply blow your house down with a few puffs or come down the chimney.
ISO27001 means you're serious
The business that is truly serious about protecting information looks beyond the basics and has verifiable procedures in place that are audited and certified to the ISO27001 international standard. Today Translations are the first specialist language services consultancy to achieve the standard for their entire global operations and they can testify that it's not easy but it makes a big difference.
Over the past 18 months I have worked with members of the company and consultants from IT Governance to put in place 131 controls to manage physical and electronic information in this enormously data rich organisation. The process was challenging even with high levels of expertise. However, when Today Translations passed their audits with flying colours and picked up a commendation from the assessor, it demonstrated that with 100% commitment a company can secure the standard even in a complex environment. The firm have since won new contracts and invitations to tender based on their high levels of security assurance.
The message for CEOs of companies that do not have ISO27001's 130+ controls in place nor the basic Cyber Essentials is, "Beware, your house of straw may not protect you and your customers when the Cyber Wolf pays you a visit."