By Rob Lay, Solutions Architect for Enterprise and Cyber Security, UK & Ireland, Fujitsu
Research from Experian has revealed that the amount of personal data traded by cyber criminals has trebled in the last two years[i]. This significant growth not only indicates an increase in the amount of data created, but also highlights that it is still too easy for criminals to obtain private information. Given that the threat is not going to disappear, what can individuals and companies do to combat this and what tactics can be taken to ensure data is kept safe? Moreover what threats should businesses be most worried about and how should they be addressed?
Cybercrime is now well-established criminal activity and it is a threat faced by businesses and consumers alike. When consumers provide a company with their data, be it credit card information, an address, financial records or healthcare information there is a trust from the consumer that the business will keep this information private and secure. If a business loses that information, be it due to error or from cybercrime, it has a significant impact on not only the consumer but the company itself. Consumers want to feel secure and that they are not at risk. Thus the impact of cybercrime on a business can lead to poor market reputation, the loss of customers, and by extension reduced profits.
The volume of data being traded illegally is growing hugely, yet the cost of individual information on the black market has come down quite considerably. This indicates that A) businesses and consumers are sharing more data, and B) not enough is being done to look after this data when it is shared. Put simply, if businesses made it harder for criminals to access private data, its price on the black market would be much, much higher.
We will never reach a point where all data is 100% secure, but we must pursue all avenues to ensure accessing this information is harder and harder to do each year.
This is especially true in a world where businesses themselves are data-led with employees accessing data from all over the world and via all kinds of devices. While consumer data breaches often make the biggest headlines, it is not just consumers who are at risk. All businesses have data that is of great value, be it internal files and information or highly valuable intellectual property. As such, they need to take active steps to improve cyber defences – whether they store consumer data or not.
One of the first actions all businesses should take when addressing these threats is to identify what data is critical. What data, if lost, would have the biggest impact on the business? In understanding this, businesses can review their actual risk and can then position themselves so that they can act quickly in the event of an attack and try to limit the impact of any breach. Equally, auditing data in this way means the businesses are not only able to react more quickly, it means they are better prepared for an attack.
A challenge to putting this kind of practice in place is that this understanding requires input and insight from all areas of the business to ensure the correct decisions are made. This means constant cross-company communication and may also, in the case of business partnerships, mean working closely with other companies. This collaborative and cooperative approach to cybersecurity by a business may seem a foreign concept with sharing knowledge and insight not always coming naturally in a corporate world. But working together will be absolutely vital to keeping data safe and, as such, businesses need to put in place clear communication standards to ensure they are able to battle cybercrime effectively.
The hacker community and threat landscape is constantly changing and so businesses must change with it. Keeping up with the rate of change will be challenge in itself. But the most successful and secure organisations will be those with a consistent, clear and watertight security programme in place, which can be adapted and honed over the years. The evolutionary nature of cybercrime calls for this very adaptable approach. If we cannot achieve this, we will only continue to see cyber-attacks rise in the coming years. Businesses must act now to combat this.