Cyber crime is alive and thrivingDOWNLOAD
8 September 2010: With the Australian Bureau of Statistics reporting the fastest GDP quarterly growth in three years, professional services firm Deloitte has warned that successful organisations that are experiencing very fast growth may be at increased risk of cyber crime.
According to Deloitte National Security & Privacy partner Tommy Viljoen, the increased risks are often the result of security taking a back seat during periods of rapid growth, as IT departments contend with managing system availability and day to day issues.
“Resource and infrastructure companies are often considered most at risk from global hackers and are targets for industrial espionage, however we are also seeing retail, manufacturing and other industries now being targeted as business conditions improve,” said Mr Viljoen.
“Deloitte is increasingly working with organisations who were initially unaware that they were under attack.
“Importantly, for every organisation aware they are experiencing these types of attack, there are many more who are leaving themselves wide open. Ensuring information security is under control requires a mix of strategy, pragmatism, an alert culture and good technical skills,” said Mr Viljoen.
“Cyber attacks are more common than people think. With many organisations leaving themselves more vulnerable than they realise – or unaware of how their valuable information can end up in the wrong hands, it is important they have their security systems tested and then devise solutions to manage and prevent attacks,” added Mr Viljoen.
“If sensitive information is either leaked or accessed by competitors, this can have a critical impact on the outcome of sensitive contract negotiations. Cyber crime can lead to the loss of strategic advantage and can also result in organisations being shut out of contact renewals with key clients and suppliers,” said Mr Viljoen.
“Private data, intellectual property, cyber infrastructure, and even military and national security can all be compromised by deliberate attacks, inadvertent security lapses, and the vulnerabilities of a relatively immature, unregulated global internet.
Today’s challenge is applying risk management techniques to ongoing protection of cyber assets and understanding of IT vulnerabilities,” said Mr Viljoen.
Cyber security testing
Deloitte provide a range of cyber security tests that attempt to replicate most common types of threats and then advise on the outcomes.
Examples of findings at clients include:
“There are a number of way clients can be made aware of their vulnerabilities. External and internal penetration testing, reviews of practices and online monitoring facilities and more general cultural assessments all assist in shedding light on the extent of vulnerabilities that may exist within organisations,” said Mr Viljoen.
What’s important is knowing the level of risk faced by the organisation as a result and then taking remedial action to close the gap or address the issue.
“Finally, no matter how much testing you do, if you don’t have an overall framework and approach to security that focuses on creating and delivering a sustainable level of security, you may find yourself compromised, asking reactive questions and dealing with consequences,” concluded Mr Viljoen.