Tackling Cyber Security
The rapid growth of the Internet in the last decade of the 20th century has provided immense benefits for humankind, but as we know, it has also has created plenty of opportunities for criminals too. As more of our professional and personal lives take place online, so too does criminal operation and it has now become imperative for us to play a role in protecting our data.
Shockingly enough, it was estimated that in the 2010s, cyber-crime cost the global economy billions of dollars yearly and to combat this crime, businesses have been forced to invest in cyber security. Today, the global cyber security market today is worth over $71 billion (USD) and is estimated to grow to $170 billion (USD) by 2020 (Wedutenko & Chung 2015). The growth of this crime is largely due to the transition of the business value proposition away from tangible products into services. This trend inevitably means a business’ value is increasingly tied to their data, technology and web presence.
Technology Driving Cyber-Security Adoption
Our partner Check Point researched cyber-crime trends in their 2018 Security review and found that 2017 was a very pivotal year for technology, especially in regards to cybersecurity. From the resurgence of destructive ransomware, IoT botnets, data breaches and mobile malware to sophisticated multi-vector technologies, a lot happened and it highlighted some important areas of concern.
Changes in attack vectors are currently creating major topics of discussion, primarily around the continued adoption of cloud and mobile services. Although cloud usage is now widespread among businesses, it is still a relatively new technology and continues to evolve. Businesses will, however, continue to move their data to the cloud as they look to make their operations ever more agile and profitable. According to Check Point, this rapid adoption of a relatively new technology allows hackers deeper into enterprise systems. In addition, there are fundamental misconceptions about the levels of security required in the cloud and who is responsible for that security.
AI Vs. Cyber Crime
Artificial Intelligence (AI) has been growing in importance in cyber-crime detection and prevention in recent years. With the increasing number of cyber-attacks daily, human intervention is simply not sufficient enough for timely attack analysis and appropriate response. AI as a field of computing, of which machine learning is a part, is routinely used in cyber security for the following purposes:
- Pattern recognition (identifying phishing emails based on content)
- Anomaly detection (spotting unusual activity, data or processes)
- Natural language processing (converting unstructured text such as a webpage into structured intelligence)
- Predictive analytics.
The utilisation of AI to provide flexibility and learning capability will assist humans in fighting cyber-crime in new ways in the near future. Similarly, to AI, we will see an increase in the use of Machine Learning technologies to assist in cyber detection also.
Did you know that the UK is thought to be one of the most secure places to conduct business in cyberspace?
This was decided so after the country made updates to the Computer Misuse Act 1990, where offenders would face much tougher penalties for committing cyber acts intended to damage. This new Act is also being used to prosecute foreign citizens who use the UK as a base. In this way, the Act somewhat removes the borders from cybercrime reflecting the fact that the internet operates across jurisdictions. This example of the legislative change to address cyber-crime is just one of many though, here in Australia, our new mandatory data breach reporting laws came into effect on 22 February 2018 and they tackle the same issues.
Australia’s legislation largely mirrors similar laws recently introduced in other countries including the USA (Pandagoda 2018). Perhaps the most topical legislative change in recent history is the General Data Protection Regulation (GDPR) which was adopted on 14 April 2016, and became enforceable beginning 25 May 2018. The GDPR is a regulation in EU law on data protection and privacy for all individuals within the European Union (EU) and the European Economic Area (EEA). It aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. Controllers of personal data must put in place appropriate technical and organisational measures to implement the data protection principles. This means that business process that handles personal data must:
- Be designed and built with consideration of the principles,
- Provide safeguards to protect data,
- Use the highest-possible privacy settings by default, so that the data is not available publicly without explicit or informed consent,
- Not be used to identify a subject without additional information stored separately.
In some cases, violators of the GDPR may be fined up to €20 million or up to 4% of the annual worldwide turnover of the preceding financial year in case of an enterprise, whichever is greater. Such rapid legislation change is actually an attempt by governments to provide further powers and controls to assist in tackling cyber-crime.
The increasing complexity of cyber-attacks and the growing awareness of the security risks have compelled organisations to increase their cyber security budgets. This, along with; rapid legislation change, cyber security education for employees and regular updates/reviews of your cyber security strategies, you can protect yourself from cyber crime. If there was ever a time to have your cyber security evaluated and refreshed it is now.
By Jordan Barry | National Practice Manager – Connectivity & Security
Phone us on 1300 746 752 for more information on how we can help you.