Between the hacking of Emmanuel Macron’s campaign for the French Presidency, the WikiLeaks publication of thousands of CIA documents, and the exposure of 198 million voter records by Deep Root Analytics in the US, 2017 was truly an annus horribilis for cyber security.
With so many alarming, high profile attacks on some of the most secure institutions in the world, perhaps it was unsurprising when the World Economic Forum’s annual Global Risks Report listed cyber attacks among the highest risks facing the world today, right up there with weapons of mass destruction and climate change related environmental disasters.
The risks posed by cyber crime might not be new — hacking has been a serious issue for well over a decade — but in the past five years the sheer volume of attacks has reached previously unimaginable levels. And it isn’t just governments and presidential campaigns that are at risk: CNBC has reported that what one McAfee spokesperson has labelled a cybercrime ‘pandemic’ may have cost the world $600 billion in 2017 alone. So how can businesses protect themselves from this rising tide of online malfeasance?
A Constant Battle
Thirty years ago, cyber security was a fringe concern, and hackers were viewed as being a counter-cultural nuisance. But in a world where software evolves at record speeds and vast amounts of personal data pass through millions of different virtual hands every day, data piracy has become an extremely lucrative business, one that threatens just about every aspect of daily life.
A piece by finance journalist Stacy Cowley published in the New York Times earlier this year took the metaphor of combat to a new level. Cowley’s piece opened with a description of a company formed by a former Delta Force soldier who had served in Iraq and Afghanistan and was now using his technical knowledge to help Mastercard fight cyber thieves.
Cowley’s pieced noted that for many large banks, cyber crime has become the number one threat. It isn’t difficult to see why: now that most banking is done electronically, robbers don’t need to break into vaults to make off with large amounts of cash. Hacking into bank records and stealing personal data can be just as lucrative, and far more damaging to a corporation’s business. In order to resist these attacks, a comprehensive plan is needed.
Awareness Must Precede Action
As with most problems, understanding where the weaknesses and vulnerabilities lie is half of the battle. But unlike more traditional threats, truly grasping the risks posed by cyber security requires a degree of technical understanding that few executives have.
These problems are exacerbated by a commonly held (and fallacious) belief that cyber security is a matter for IT departments to worry about. In many organizations, there is only a rudimentary understanding even among members of the leadership that fending off data breaches and hacks and keeping malignant software at bay is a constant struggle. Likewise, many in leadership are not aware of just how vulnerable the most common communication tools are to hacking.
Private email and SMS were never designed to be particularly secure, and in many cases a well-equipped hacker can intercept and copy unencrypted emails and text messages in minutes. Encryption software can help, but it tends to do so at a serious cost to functionality, which is why most businesses rely on comprehensive IT strategies like firewalls to protect everyday communications.
If employees do not understand that their work email functions with different technical protections than their personal email does, there is the possibility that they will rely on familiar options that seem more convenient to them but open the door to attack.
This poses a particular risk at an organization’s highest levels, in communications between board members. Because board members may not be involved in the day to day running of the organization, they may not operate under the same protections as the rest of the team.
While there is a growing suite of tools available to provide reliable, bespoke solutions to these problems (for example, the Canadian company Aprio has developed software designed to make board communications more secure), all of them require companies to foster a culture of security in their organizations that takes the risk seriously — and makes concrete steps to address it.
Although cyber threats continue to multiply, the horizon is not uniformly dark. Devastating as the past year has been, cyber security is finally being acknowledged in the popular press for being the serious threat it is. Across the range of legacy and new media outlets the klaxon is being sounded in pieces like this one from the Huffington Post and companies of all sizes are finally starting to pay attention. An uphill battle might still be ahead, but with new tools and more information now available, businesses are at least equipped to enter the fray.