Please see below a selection of recent cybersecurity-related changes.
July 2022
- An anonymous hacker claimed to have stolen the police records of about one billion Chinese citizens, almost three-quarters of the population, in what could be one of the biggest data hacks of all time.
April 2022
- Online working surged during the pandemic, and so did cybercrime: ransomware attacks rose 151% in 2021. The World Economic Forum’s Global Cybersecurity Outlook found there were on average 270 cyberattacks per organisation that year, with each successful cyber breach costing a company $3.6m.
March 2022
- Many livelihoods today are more digital than ever: critical resources, including public services, healthcare, energy, and transportation are all online. And threat actors know this. Taking down a large supply chain or critical power grid can cause significantly more chaos than cyber attacks of the past. Despite headlines indicating a dire need for better protection against these attacks, there is still a cybersecurity workforce gap of more than 2.72 million positions. While that number has been steadily decreasing year over year, it’s simply not enough. According to the 2021 (ISC)² Cybersecurity Workforce Study, the global cybersecurity workforce needs to grow 65% to effectively defend organisations’ critical assets.
January 2022
- The World Economic Forum’s Centre for Cybersecurity published its Global Cybersecurity Outlook 2022, bringing together insights and key findings from more than 120 global cyber leaders, and highlighting their perceptions, concerns, and projections. The outlook revealed three main perception gaps between security-focused executives and business executives: prioritising cyber in business decisions, gaining leadership support for cybersecurity, and recruiting and retaining cybersecurity talent.
September 2021
- The UN released its most substantial recommendations to date for how governments can secure cyberspace from escalating conflict. The recommendations recognised that international law applies to state behaviour online and listed specific sectors that should be considered critical infrastructure and thus off-limits to attack, including healthcare, the electrical grid, education, financial services, transportation, telecommunications and electoral processes.
August 2021
- EY's Global Information Security Survey 2021 report showed that 81% of organisations sidestepped cyber processes and did not consult cybersecurity teams at the planning stage of new business initiatives, even though 43% have never been as concerned as they are now about their ability to manage the cyber threat and 77% had seen an increase in the number of disruptive attacks, such as ransomware.
- With online attacks increasing exponentially in recent years, more and more companies are looking at purchasing cyber-liability insurance, which explicitly covers losses in the event of a cyberattack.
- Western intelligence services warned that universities and other knowledge hubs, such as hospitals and labs, have become the focus for foreign intelligence gathering efforts. Students and PhDs from Iran, North Korea and China have been used as an advanced guard by state services. To make things worse, educational institutions have also become lucrative targets for hackers and ransomware gangs.
July 2021
- A global cybersecurity labour shortage forced employers to look further than graduates from top-tier universities and offer roles to those with certificates, diplomas and even self-taught jobseekers, reported the BBC. The pathway to the industry also widened, with candidates from non-IT backgrounds with strong business acumen and ‘soft skills’ increasingly landing top roles, as employers search non-traditional pools for top talent. Jobs related to cyber attacks, data breaches and data leaks have seen a surge across the UK, Europe and US.
- The economic pain caused by cyberattacks hit an all-time high during the pandemic, according to an IBM report.
June 2021
- The Economist analysed what it calls the curse of growing cyber-insecurity. One threat is catastrophe. All countries have vulnerable physical nodes such as oil pipelines, power plants and ports whose failure could bring much economic activity to a standstill. The financial industry is a growing focus of cybercrime and regulators have begun to worry about the possibility of an attack causing a bank to collapse. Another threat is harder to spot. Computers are being built into cars, houses and factories, creating an industrial “internet of things”.
January 2021
- A combination of low-probability but high-impact risks and inexorable technology trends will make 2021 the year that cyber conflict creates unprecedented technological and geopolitical risk in cyberspace.
September 2020
- Microsoft released the Digital Defense Report, covering cybersecurity trends from the past year. This report made it clear that threat actors had rapidly increased in sophistication over the past year, using techniques that make them harder to spot and that threaten even the savviest targets. For example, nation-state actors are engaging in new reconnaissance techniques that increase their chances of compromising high-value targets, criminal groups targeting businesses have moved their infrastructure to the cloud to hide among legitimate services, and attackers have developed new ways to scour the internet for systems vulnerable to ransomware.
July 2020
- When preparing for a crucial video conference, a remote worker will click on any link that gets them into a meeting on time. Yet that’s the trojan horse criminals are using to breach defences during the coronavirus pandemic. People aren’t the only ones being infected; devices are too, with COVID-19-themed phishing and malware. It’s no wonder cybersecurity is now topping the business-risk agenda.
January 2020
- The majority of hostile cyber operations by states amount to low-level intrusion, below the threshold of use of force. In a research paper, Chatham House explored how the principles of non-intervention and sovereignty apply to such cyber-operations, and provided suggestions on how to make progress towards building international consensus on the legal framework.
December 2019
- Over the last decade, notes WIRED, cyber-hacking became less of a novelty and more of a fact of life for billions of people around the world. Regular people lost control of their data, faced invasive surveillance from repressive regimes, had their identities stolen, realized a stranger was lurking on their Netflix account, dealt with government-imposed internet blackouts.
November 2019
- The Paris Call for Trust and Security in Cyberspace launched in 2018 with the commitment of signatories to stand up to cyber threats like election interference, attacks on critical infrastructure, and supply chain vulnerabilities. By the first anniversary of the call, the number of signatories had nearly tripled to more than 1,000 and now includes 74 nations; more than 350 international, civil society and public sector organisations; and more than 600 private sector entities.
July 2019
- A hacker stole the personal and financial information of as many as five million citizens and foreign residents in Bulgaria, a country of about 7 million people.
- A research paper claimed that cyber-enabled information warfare provides the tactics, tools, and procedures - in short, the means - to replace the pillars of logic, truth, and reality with fantasy, rage, and fear. In a world of ubiquitous cyber-enabled information warfare, communication and information inflame passions rather than informing reason, play to the worst in people’s cognitive architectures rather than the best, and divide rather than unify. Deliberate corruption of the information ecosystem could be seen as an analog of poisoning water supplies that can be done remotely, inexpensively, and anonymously.
June 2019
- More than 50 countries signed an international agreement on cybersecurity principles. Along with those countries and more than 200 companies, some Big Tech companies including Microsoft, Google and Facebook were signatories to a commitment to end malicious cyber activities in peacetime. While the agreement was non-binding, it was an attempt to develop norms and standards for the ways in which countries behave in cyberspace. Noticeably absent from the list of signers: Russia, China, North Korea, Israel and the United States, noted Future Today Institute.
May 2019
- Cybercrime caused an estimated $3 trillion in damages in 2015, according to research firm Cybersecurity Ventures. The company expected that figure to double to $6 trillion by 2021. Corporations face a “defender’s dilemma,” which a security manager inside Google summed up this way: “The defender has to be strong everywhere, every day. The attacker only has to win once.” For each set of bad guys, the defence side needs veritable armies, beefing up armaments and rushing to the rescue at the first sign of an attack, yet, by the early 2020s, there could be roughly 3.5 million unfilled cybersecurity jobs across the globe.
- For GZEROMedia, one of the best moves is to take an attacker's weapon and turn it back on them. That's just what China did - in cyberspace: after American operatives used a particular bit of code to attack Chinese computer systems, Chinese hackers took it, repurposed it, and used it to attack a bunch of US allies, according to The New York Times.
- Kickstarter's co-founder thinks the internet is becoming a space of dark forests. As the internet becomes an ever more hostile space, real conversation is retreating into the perceived safety of private channels, invitation-only message boards, text groups, even newsletters and podcasts. These "dark forests" grow because they provide psychological and reputational cover. They allow us to be ourselves because we know who else is there.
- Inc.com notes that cyber risk insurance will increase because hacks can be so costly to businesses. In recent years more insurance companies have begun offering coverage for security-related expenses like liability and data recovery costs. The trend may go further to include more protection against hacks, such as reimbursing revenue that's lost while a company is recovering from an attack or repairing reputational damage that occurs as a result of it. Underwriting policies will be a challenge, though, since it will likely require getting businesses to agree to provide a lot of access to their infrastructure.
March 2019
- The School of Life believes that what most of us long for above all else is ‘security’, the sense that we are – at last – safe on the earth. We pin our hopes for security on a shifting array of targets: a happy relationship, a house, children, a good profession, public respect, a certain sum of money. We may mock the term ‘happily ever after,’ synonymous as it is with naive children’s literature but in practice, we do indeed tend to live as if we could one day, somewhere over the horizon, reach a place of rest, satisfaction and safety. However, we can never properly be secure, because so long as we are alive, we will be alert to danger and in some way at risk. The only people with full security are the dead.
- The #SafePlaces movement had by 2019 seen more than 300 restaurants and bars in Mexico City commit to offer women shelter if they found themselves in danger. #SafePlaces was a response to rising rates of femicide, harassment and kidnapping in Mexico. Participating establishments trained their staff on how to attend to women in dangerous situations, and committed to let victims call the police or a taxi from their business. Women can find a local #SafePlace in a public Google doc.
February 2019
- Further reading:
- Cloud security needs to be your organisation's top priority - Raconteur
- Cybercrime is learning from business, and earning trillions doing it - Raconteur
- Cybersecurity landscape: How to thwart cyberattacks - McKinsey
- Germany: why is the powerhouse so behind with cybersecurity? - Raconteur
- Improving Cybersecurity Means Taking More Care with What We Digitize - Harvard Business Review
January 2019
- 2018 was full of cybersecurity disasters, from the revelation of security flaws in billions of microchips to massive data breaches and attacks using malicious software that locks down computer systems until a ransom is paid, usually in the form of an untraceable digital currency. We’re going to see more mega-breaches and ransomware attacks in 2019, warned MIT. Planning to deal with these and other established risks, like threats to web-connected consumer devices and critical infrastructure such as electrical grids and transport systems, will be a top priority for security teams. But cyber-defenders should be paying attention to new threats, too.
- Over the last decade, cybercrime has evolved from a niche technological concern into a global epidemic that imposes substantial preventative and remedial costs on both businesses and individuals. Though its activities are illicit, cybercriminal networks are highly complex, extremely organised and globally interconnected, according to Chatham House.
- Further reading:
- Privacy and Cybersecurity Are Converging. Here’s Why That Matters for People and for Companies - Harvard Business Review
- Artificial Intelligence Is a Threat to Cybersecurity. It’s Also a Solution - BCG
- Cyber Criminals: How businesses can use psychology to protect - Raconteur
- Cyber-risk is now on the CFO's agenda as cyberattacks loom - Raconteur
- Cybersecurity Series: Inside the Cyber Mafia - Chatham House
- Exclusive: Hackers Take Control Of Giant Construction Cranes - Forbes
- Five worrying cyberthreats to connected tech - Raconteur
- IoT security startups: top five to watch out for in the New Year - Raconteur
- Japan plans to hack into millions of its citizens’ connected devices - MIT Technology Review
- Pentagon's Cybersecurity Found Unable to Stay Ahead of Attackers - Bloomberg
- The Great Game of (Cyber) Nations - Forbes
- With mass connectivity, how will governments respond to new cyber threats? - EY
December 2018
- As connected technology develops, potential threats to cybersecurity multiply. Major areas of concern include smart supply chains, data manipulation and social engineering, reported Raconteur. Meanwhile, in this age of digital connectivity, energy networks are increasingly vulnerable to crippling cyberattacks by criminals, rogue hackers or hostile states.
November 2018
- Cyberattacks that rip across the internet at light speed, election meddling and disinformation that tears at the fabric of democracy, the brazen theft of personal data and trade secrets – it’s the Wild West out there in cyberspace, warned GZEROMedia. French President Emmanuel Macron called for an international agreement to bring some order to the electronic frontier. Figuring out who launched an attack is hard when hackers from one country can launch viruses from servers in another. The boundaries between state-sponsored cyber operatives and criminal hackers are often fuzzy, giving governments plausible deniability when using these tools.
October 2018
- A year after organisations were rocked by a series of large-scale cybersecurity breaches and ongoing recriminations over state-sponsored interventions, this year’s EY Global Information Security Survey 2018-19: Is cybersecurity about more than protection? showed cybersecurity continuing to rise up the board agenda. The survey found that 87% of organisations surveyed operate with limited cybersecurity and resilience; 77% currently work with basic cybersecurity protections and are seeking to move toward fine-tuning capabilities and 82% of boards fail to make cybersecurity a strategic agenda item.
- October is National Cybersecurity Awareness Month in the US and a new Microsoft survey of 16 countries revealed consumers have developed a healthy scepticism about unsolicited contact from technology and software companies. They’ve become savvy to flagging such contact as a potential scam. If faced with unsolicited contact from a reputable tech company, 38% would try to block that company from making contact in the future and 33% would look up the issue online. But that doesn’t mean the danger is any less. People are still losing money - and time, warned Microsoft.
- According to Hackmageddon research into the motivations behind cyberattacks in just one month of 2018, some 81% were driven by cybercrime.
- For WIRED, the first step in solving any problem is admitting there is one, but it warned that the US Department of Defense remains in denial about cybersecurity threats to its weapons systems. Specifically, a recent report concluded that almost all weapons that the DOD tested between 2012 and 2017 had “mission critical” cyber vulnerabilities.
- A North Korean hacking group has penetrated 16 heavily defended banks in 11 countries with a series of ongoing attacks that has netted them more than $100 million. In total, the group has attempted to steal an estimated $1.1 billion over the past four years, according to cybersecurity firm FireEye Inc, reported GZEROMedia.
- The biggest opportunities and threats in finance these days come from the cyber sphere, argued CEPS. Fintech firms have made big inroads in financial intermediation, and some new companies are valued more than large banks. Blockchain and robo-advice are expected to revolutionise the ways banks interact with their clients and structure operations internally.
September 2018
- EY warned that the explosion of data generated by devices is causing a multiplying effect, drastically increasing the attack surface. Cyber criminals now have a larger target area for malware, ransomware or phishing attacks, and disgruntled employees find it relatively easy to extract their revenge via digital sabotage. On average, the number of breaches per organisation increased by more than 27% from 2016 to 2017.
- Cybercrime is on the rise throughout the world, but the vast wealth of the GCC states (Saudi Arabia, Oman, UAE, Qatar, Bahrain and Kuwait) makes them especially vulnerable, warned Chatham House. In response, increasingly stringent laws governing online activity have been enacted, but do these measures encroach too much on the rights of individuals? See Cybercrime legislation in the GCC countries: fit for purpose?
- As one of the most highly-valued jobs currently, cybersecurity now has reportedly 300,000 job openings, creating cottage industries to pull altruistic “white hat” bug-hunting hackers from dark chat rooms toward "respectable" employ.
- Indeed, recruiting cybersecurity experts is becoming a challenge for companies, as skilled staff are in short supply, reported the FT, but AI is coming to the rescue. While AI is already taking the pressure off overstretched cybersecurity teams, the skills required from professionals are changing rapidly as the technology evolves. This is forcing companies to choose between retraining existing staff or hiring fresh talent. Machine learning is ideally suited to monitoring growing volumes of data for potential security breaches and cutting cybersecurity teams’ workloads.
- Almost every aspect of our lives is shaped by digital technology and its immense efficiency, argued Raconteur. Many countries have now turned to various forms of e-voting, either by adopting electronic voting machines or offering people the chance to cast their vote online. While some privacy and security concerns remain, advocates say electronic voting helps uphold the accuracy and integrity of the result by preventing miscounts or any other mix-ups. As well as cutting election costs, internet voting offers the chance to boost turnout by engaging parts of the electorate not usually interested, or able, to get out to their polling station.
August 2018
- 2018 has been an intense year so far in cybersecurity, with an array of breaches and threats hitting headlines. A new report from Accenture sheds some light on the five cybersecurity trends influencing the modern threat landscape, from supply chain threats to cryptocurrency mining, with 71% of organisations surveyed by Accenture Security iDefense saying they still have a lot to learn when it comes to threat mitigation.
- Machine learning can transform threat detection and monitoring beyond a time-consuming manual process, said Security Brief. It can not only detect malware, but also suspicious user behaviour. A robust cybersecurity solution that uses machine learning should therefore provide actionable threat intelligence without overburdening security teams with false alerts.
- Financial services saw more cybersecurity incidents than any other industry last year. Now financial firms are shifting their strategies from passive to active cyber defence. CB Insights took a look at how financial services companies are stepping up their cybersecurity game.
- With the proliferation of more and more sensitive data, expanding connectivity, and the adoption of automated processes, new research from Accenture reveals that C-suite and IT decision makers need to embrace a different approach to cybersecurity to effectively protect against future cyber risks. While most companies have a chief information security officer (CISO) or assigned cybersecurity to a C-suite executive, such as a chief information officer (CIO), often, these leaders have limited influence on cybersecurity strategy outside their departments. Additionally, nearly half of CISOs acknowledge that their responsibilities for securing the organization are growing faster than their ability to address security issues.
July 2018
- The military and civil cyber-security market grew from $3.5 billion in 2004 to $120 billion in 2017. The conflicts of the future will be fought in invisible trenches, warned GZEROMedia.
- Over the last two years, major attacks on high profile corporations have inflicted damage to business confidence and compromised the data of millions of consumers, warned Chatham House. Malware attacks such as WannaCry and Petya have demonstrated the capability of both non-state and state-sponsored actors to cause significant disruption across a host of different sectors, exposing a variety of different vulnerabilities.
- 45% of chief information officers (CIOs) fear that they will lose their jobs because of a data breach in the year ahead, and 67% believe that such an incident is likely to occur. In this context, Shaping Tomorrow analysed the future of cybersecurity and action to take accordingly.
June 2018
- Cybersecurity will become increasingly important in protecting against digital criminal activity, noted CB Insights, listing the top emerging companies shaping the future of cybersecurity in its 2018 Cyber Defenders Report.
- According to CB Insights, since late 2013, a band of cybercriminals has infiltrated the digital security of 100+ banks in 40 nations to steal about $1.2bn. The string of thefts, known as Carbanak, is said to be the biggest digital bank heist in history.
- Cyberattacks are a real and present threat to any organisation and its customers today, and The Economist predicts that cybercrime will become an even bigger problem throughout 2018. To maintain the faith of customers and protect businesses from catastrophic data compromise, companies will need a comprehensive cybersecurity plan, warned getabstract, recommending Beyond Cybersecurity: Protecting Your Digital Business – a manual on how to develop “digital resilience” in an organisation.
- More than two months after a cyberattack hobbled many of its critical municipal systems, the city of Atlanta is still sorting through the wreckage of what is likely the worst cyberattack targeting a U.S. city to date.
- A speaker at the Latitude 59 startup 2018 event in Tallinn, Estonia argued that society is now basically a cyber system that can be hacked and disrupted, given the dependency we have on mobile phones, digital systems and other aspects of tech integrated throughout our lives. The speaker reconceptualised Maslow’s Hierarchy of Needs to illustrate how every part of the pyramid relies on cyber today.
- Why is cybersecurity so hard? asked Harvard Business Review. The short answer, according to Wired: because individuals, not machines or corporations, are ultimately responsible and, of course, infinitely fallible, as evidenced in its overview of some of the largest attacks of 2017.
March 2018
- GZERO Media warned that there’s no Geneva Convention for cyberspace at the moment. Without global agreement on the distinction between online behaviour that is merely bad and what’s truly unacceptable, it’s difficult to determine proportionality in the cyber realm. Does large scale IP theft, for example, demand the same response as hacks or disruptions of critical infrastructure?
- See also: Cybersecurity: The role of the board of directors, ‘Cyberphobia’, by Edward Lucas - FT.com
Pre-2018
2016
- Cybersecurity defence measures are not what they used to be, particularly when cyber criminals are inventive and tech savvy. In a new series of videos, Accenture outlined a way forward for banks, insurers and capital markets institutions hoping to ward off cyber attack.
May 2016
- Compared with the US and Israel, the UK has been slow in developing a cybersecurity industry. But it's catching up, thanks to growing recognition of cyber defence as both a business and a national-security imperative. In late 2015, the government announced a £165 million fund to support innovative cybersecurity strategies, part of plans to spend £1.9 billion on a viable cyber strategy over the next five years. The move followed the creation of the Academic Centres of Excellence in Cyber Security Research initiative in 2011.
April 2016
- As the Internet of Things (IoT) ramps up and 'smart' devices using wireless technology to talk to us and each other become more common, so too will the malware attacks targeting these new connected gadgets. According to Gartner, predicted global spending on IoT security will reach $348m (£239m) in 2016, a modest 23.7% increase from the 2015 spending of $281.5m.
- Accenture is expanding its global security presence by opening a cyber centre in Bangalore, India. The new state-of-the-art facility uniquely brings together interdisciplinary capabilities, ranging from the innovation, incubation and development of new solutions to strategic consulting and transformation, and the managed delivery of a broad range of cyber defence services, enabling clients to tap into the latest strategies and technologies to address their toughest cybersecurity challenges.
- Computer scientists from the Michigan Institute of Technology (MIT) and a machine learning startup, PatternEx, have reportedly developed a new system that can correctly detect 85% of cyberattacks using artificial intelligence merged with input from human experts. At the moment, security systems are closely monitored by humans and programmed to pick up on cyberattacks that only follow very specific rules, as such missing any attacks that do not follow those rules. But there are also systems autonomously run by computers that practice anomaly detection, i.e. the identification of items, events or observations that do not conform to an expected pattern or other items in a dataset. This method often leads to false positives, meaning that humans doubt the reliability of the system and are forced to go back and check all the results anyway. To improve this, researchers from MIT and PatternEx developed the AI2 artificial intelligence platform, which merges three different machine learning methods that enable computers to learn unsupervised.
- The latest report from business intelligence provider visiongain found that the cybersecurity market is going through a period of rapid growth and innovation as industry leaders and policymakers struggle to contain the effects of cyber attacks and data breaches, hence the high rate of mergers and acquisitions in the sector. (The highest valued acquisition to date in the cyber security sector was in October 2015 when Dell announced the takeover of EMC.)
- Cybercriminals are no longer solely attacking big corporations but are increasingly turning their attention to smaller firms, it has emerged, sparking fears that there is a new “back door” through which hackers can steal reams of data and cash. Nearly half of the global attacks logged during the course of 2015 were against small companies with fewer than 250 staff, as criminals sought to exploit their digital weaknesses to steal information, bring down websites and send spam. The research by internet security firm Symantec found that over the past four years, small firms have become a more attractive target, especially as larger companies have improved their cybersecurity systems, locking out hackers.
- EU countries lack a harmonised framework to respond to the challenges of a large-scale cyber incident, according to a report by security agency Enisa, which is urging decision-makers in the region to take action to avoid a major cyber crisis. The call came as Enisa published a report recommending more efficient cyber crisis co-operation and management based on an analysis of current crisis management frameworks.
March 2016
- A national industry association for protecting cybersecurity, chaired by a leading figure in China’s internet censorship effort, has been set up in Beijing. The newly founded Cyber Security Association of China - the first of its kind in the country - consists of companies in related industries, such as internet giants Baidu, Alibaba, Tencent and telecom firms China Mobile and China Unicom. It also includes top universities and research institutes in the field, including the National University of Defence Technology, Peking University and some institutes under the Chinese Academy of Sciences.
- The UK government announced it will invest £1.9 billion over the next five years into protecting Britain from cyber attack, in addition to developing the UK's sovereign capabilities in cyberspace. The move is part of the second National Cyber Security Strategy, to be published later this year, with funding to be used to support those working towards protecting the country from cyber attacks. This includes a national cybersecurity centre that will work with industry professionals, academics and international partners. The government will also explore how it can work with internet service providers to protect users and businesses from malware and other threats.
- Spending on security is still not at a level that matches the changing threat landscape. While cybersecurity budgets are growing, this increase is not in line with rising threats, according to a majority of security professionals. Two-thirds of members polled by the UK's Institute of Information Security Professionals (IISP) said security budgets have increased, while 15% said budgets have stayed the same.
- While 2015 was a boom year for cybersecurity start-ups, the market has cooled in early 2016. The reason seems to lie in the general downturn facing the technology industry as well as the attitude of investors towards the cyber defence sector. The Financial Times analysed why this should be when the number of high-profile hacks of major companies keeps growing.
- Accenture formed a new alliance relationship with Endgame Inc. – a provider of cybersecurity software solutions to actively hunt adversaries – to integrate the company’s sophisticated capabilities with Accenture’s cyber defence services. As part of the relationship, Accenture has also taken an equity position in Endgame. Terms of the investment were not disclosed. Accenture will resell Endgame’s solutions as part of its portfolio of holistic cyber defence services that include strategy, transformation, managed security services, the Accenture Cyber Intelligence Platform, automated threat intelligence, monitoring, advanced analytics and real-world adversary simulations, as well as incident response and remediation.
- Companies are pushing ahead full force into the Internet of Things, but a new report has revealed a potentially major problem. AT&T's Cybersecurity Insights Report, which included a survey of more than 5,000 enterprises worldwide, found that 85% of enterprises are in the process of or are planning to deploy IoT devices, but only 10% feel confident that they can secure those devices against hackers.
- The internet economy generates $2-3 trillion annually. However, cyber crime extracts 15-20%, costing businesses $400-500 billion a year. A new Raconteur report explored the Deep and Dark Webs, the best way to protect reputation in the wake of a cyber attack and how cyber attackers may be closer than people think. It also maps the growing world of cybersecurity and how companies could be caught in the crossfire of cyber warfare.
- See also:
- New cyber crime unit will help business build defences
- How law firms can fight cyber attacks from the front line
February 2016
- Authored by Dennis Nally, PwC's newest CEO Insights blog post discussed cybercrime as a major threat to businesses according to our Global Economic Crime Survey.
- Deloitte India announced the expansion of its Cyber Intelligence Centre (CIC) in Gurgaon. This facility integrates technology with industry insights to provide round-the-clock business-focused cyber and operational security. With 24x7 coverage, the CIC has the capability to monitor and assess threats specific to clients, enabling Deloitte to effectively mitigate risk and strengthen cyber resilience. Deloitte’s Gurgaon CIC will be part of a globally interconnected set of cyber intelligence centres to provide leading insights and services to its clients.
January 2016
- In 2015 62% of UK law firms reported suffering a cybersecurity incident with 50 of those firms suffering losses of up to £2 million. These incidents continue to increase year on year and the attacks are becoming increasingly sophisticated. With imminent regulatory changes, such as mandatory breach notification, many clients are now routinely including comprehensive IT security and information protection as a must have from their legal provider. For law firms, the lure of significant client money balances is hard to resist for fraudsters, meaning that PwC believes that material loss of client money is one of the most significant risks a law firm now faces - see also Cyber threats - a real and present danger.
- Cyber breaches and insider threats, which include malicious insiders stealing, manipulating or destroying data, are the fastest-growing risks according to executives, finds EY’s '2016 Global Forensic Data Analytics Survey, Shifting into high gear: mitigating risks and demonstrating returns'. The survey was conducted with 665 executives globally across nine industry sectors, including financial services, life sciences, manufacturing and power and utilities. When looking at the current use of tools to investigate incidents or manage risk, the survey found that internal fraud risk ranks highest for the application of FDA at 77% and cyber breach or insider threat risk ranks second at 70%.
- Firms supplying essential services, e.g. for energy, transport, banking and health, or digital ones, such as search engines and cloud computing, will have to take action to improve their ability to withstand cyber-attacks under new rules approved by EU Internal Market MEPs. The new directive for a high common level of security of network and information systems (NIS) across the Union aims to end the current fragmentation of 28 national cybersecurity systems, by listing sectors in which critical service companies will have to ensure that they are robust enough to resist cyber-attacks. These will also be required to report serious security breaches to national authorities.
- As financial services institutions pursue digital strategies, their operations become part of an evolving cyber environment, explained EY in 'Digital innovation? Cyber Secure?' In this connected ecosystem of entities, people and data, your organisation is increasingly using web, mobile and social channels to transact with your customers and partners. This means the perimeter of the organisation is disappearing. Mobile computing is blurring organisational boundaries, taking IT closer to the customer and opening up new avenues of cost saving, agility and speed to market.
- Unsure of who to turn to for cyber advice, many small business owners ignore the issue until they are forced into action, by either becoming, or knowing, a victim of cyber crime. The Confederation of British Industry argues that the actions SMEs will need to take are small but make a considerable difference. They can be as simple as clicking the “update” button on software instead of putting it off for later, or avoiding the classic pitfall of using the same password for all devices in a company. It also means applying the same thinking and security practices to all devices, not just PCs, especially in a small business where members of the team work remotely using mobile devices containing business critical information.
- In Cybersecurity for Public and Private Healthcare – Kennedy Vanguard Leader, PwC was rated as the Outright Advancing Vanguard Leader with the greatest depth of capability of any firm. (PwC has secured an external licence, allowing us to cite the rating externally in a variety of marketing and business development activities.)
December 2015
- In 'Cyber-security: bad and getting worse', The Economist warned that headline-grabbing breaches of computer networks mushroomed in 2015, from Ashley Madison to American government databases. The bill rocketed, probably into the hundreds of billions - a huge wealth transfer from law-abiding victims to cyber-criminals. Most attacks depended on exploiting carelessness with simple trickery, not computer wizardry. The online criminal economy is evolving fast, with crime-as-a-service businesses offering customers technical support and profit-sharing schemes. Though the internet is fundamentally insecure, the means to foil most attacks are readily available: keep data encrypted, on well-designed networks, with access and connections carefully managed—and stay vigilant for anomalies. The biggest vulnerability for managers is people (“carbon-based errors”), not machines. In 2016 politicians, regulators, insurance companies, credit-rating agencies, shareholders, customers, suppliers and employees will demand more care from those entrusted with other people’s data. But change will come only after a lot more pain.
- The number of attacks by cybercriminals against businesses doubled in 2015, research by Kaspersky Lab revealed. The research found that, in 2015, some 58% of corporate PCs were hit with at least one attempted malware infection, which represents an increase of three percentage points on 2014. Some 29% of business computers were exposed at least once to an internet-based attack, while 41% faced local threats, such as infected USB sticks. Additionally, there was a 7% increase in the number of attacks targeting the Android platform.
- UK bankers and market watchers place cyber crime at the top of their list of 24 possible risks, according to PwC's 2015 Banking Banana Skins survey. The threat list, compiled by us and the Centre for the Study of Financial Innovation (CSFI), highlights the top risks of UK bankers, observers and risk regulators. The list was highlighted at the annual risk management conference, RiskMinds 2015, in Amsterdam.
- According to Sourceforconsulting, the annals of consulting are packed with not-quite-blockbusters, but it does look as though we have a genuine one on our hands today: cybersecurity. With every successive news item about a company that’s seen its customer data hacked, public concern grows. It’s a new battle for executives to fight, and one in which no one can afford to relax or cut corners. And it’s big business for consulting firms, some of whom have seen their cyber practices triple in size in the last year alone. “There’s no limit to how much we’ll spend on this,” one worried CIO told Source. And unusually for even a blockbuster service, it’s hard to imagine that the end will ever be in sight: criminals kept out by a new lock on the door are simply going to find a new way in. The price of cyber security will be eternal vigilance.
- Technology firms and those running critical services will have to report cyber-breaches, under new rules proposed by members of the European Parliament (MEPs). The rules will also establish minimum standards of cybersecurity for banks, energy and water firms. It is the first time Europe has created EU-wide rules on cybersecurity. It comes in the wake of concerns that key infrastructure, such as airports or power stations, could be targeted by hackers. The proposed laws - agreed by MEPs and ministers from the 28 EU countries - will also apply to some tech firms. The details of this have yet to be worked out but the rules are likely to include online marketplaces, such as eBay and Amazon, and search engines such as Google.
- The era of the large-scale cybersecurity breach looks set to stretch into 2016, with new targets replacing the likes of US-based Anthem Healthcare, Ashley Madison, a Canadian dating website for married people, and UK telecoms company TalkTalk in the headlines. Hackers have become experts in finding new vulnerabilities to exploit as soon as old holes are closed. In contrast, there has been no great leap forward in cybersecurity defences. Instead, security experts are predicting next year will see criminals abuse new technologies, such as the increasing reliance on mobile payments, and will see cyber attacks centred around political conflicts — from the battle with Isis to the US election.
- The 2015 Grant Thornton International Business Report, a global survey of 2500 business leaders in 35 economies, revealed that over the past 12 months more than 15% of businesses across the world have suffered a cyber attack, costing a total of more than US$300bn. That's just the measurable costs. Who knows what the reputational damage, loss of trust and custom adds up to. Just 52% of businesses globally currently have a cybersecurity policy in place.
- In Sydney, Deloitte launched the latest in its global network of cybersecurity centres. The firm has 3500 cyber specialists across 46 countries. Founder James Nunn-Price explained Deloitte’s globally distributed model, “Most organisations have one big security operations centre and they put all their data into that centre and employ people in that area who might be multilingual. Our operation is different as we've realised people who are in the country will know more about what's going on in their country more than those who are not and they will speak the local language, know the local customs, and they will understand themes of the day in that region. Our Asia Pacific centres are now live and strategically located in Japan, Singapore, Malaysia, and India, linking to our new centre in Australia – with HK/China due to come on line next year.”
- Capgemini added identity as a service to its cybersecurity offering. The firm’s Global Head of Cybersecurity commented, "Capgemini's IDaaS offering takes away the complexity of identity security, bringing critical components together in one managed package to deliver a more seamless process for both user and operator”.
- As access to the internet is growing, so are cyber crime rates in Africa where businesses and governments are starting to face a new type of threat for which few are currently prepared. Statistics show that 298 million people in Africa are active internet users, nearly 30% of the total population, a number expected to grow as internet penetration continues to improve in towns and rural areas. The financial sector is by far the most vulnerable sector. For example, every year Kenya's Commercial Bank loses $9.4 million to cyber perpetrated fraud. Resulting not only in economic loss but also affecting brand image and market reputation, there is a significant need for corporate entities to recognise these cyber threats and develop incident response strategies.
- The UK’s Government Communications Headquarters (GCHQ) warned that it has been identifying up to 200 attempted cyber attacks every month, twice the number observed in the summer period in 2014. These statistics include attacks on critical infrastructure as well as activities of nation state actors and serious organised crime groups.
November 2015
- The risk of cyber terrorism is rising fast. And the problem is that, if an attack did happen, it is unclear how the insurance cost might be handled, warned the Financial Times. In the past couple of years the insurance industry has started to offer policies against cyber hacking in a general sense; surveys suggest that between 30 and 50 per cent of large American companies now have such policies in place, but cyber terrorism is shrouded in legal uncertainty, and the costs of an attack are hard to model.
- The majority of professional services companies, including accounting and law firms, have experienced a fraud incident in the past year, often connected to corruption and bribery, and incident rates are running higher than in other sectors, according to research by risk specialists Kroll. The 2015 Kroll Global Fraud Report polled over 750 senior executives worldwide. The findings show 72% of professional services firms reported instances of fraud, with the most common type being corruption and bribery, experienced by 22%, a higher level compared to other industries. This was followed by internal financial fraud (14%), also the highest figure of any sector, and information theft (13%). Money laundering (9%) and theft of physical assets (7%) came lower down the list.
- Global demand for cyber security experts is forecast to outstrip supply by a third before the end of the decade, with companies struggling against what one senior industry figure has called the “largest human capital shortage in the world”. (ISC)², the security certification and industry body, predicts that companies and public sector organisations will need 6m security professionals by 2019 but only 4.5m will have the necessary qualifications. Data from a range of security companies, recruiters and professional services groups show the extent of the problem companies face as governments prepare new regulation forcing them to improve their cyber defences.
- Tech Crunch warned that while cybersecurity debates tend to focus on theft of personal information and cyberattacks that damage physical systems like electric grids, there is less discussion about a very real threat posed by hackers who deface websites, apps and other sources to spread false information. Neither our legal system nor our private sector is adequately prepared to deal with such damaging acts.
- More than one-third (36%) of global organisations still lack confidence in their ability to detect sophisticated cyber attacks, according to EY’s annual Global Information Security Survey 2015, 'Creating trust in the digital world'. The survey of 1,755 organisations from 67 countries examined some of the most important cybersecurity issues facing businesses today and found that 88% do not believe their information security structure fully meets their needs. When it comes to IT security budgets, 69% say that their budgets should be increased by up to 50% to align their organisation’s need for protection with its management’s tolerance for risk. The most likely sources of cyber attacks: criminal syndicates (59%), hacktivists (54%) and state-sponsored groups (35%) retained their top rankings. However, compared with last year’s survey, respondents rated these sources as more likely: up from 53%, 46%, and 27%, respectively, in 2014.
- 'Financial Services Firms Face Further Scrutiny of Their Cybersecurity Practices: Is Your Firm Ready?' examined structural deficiencies in how financial firms manage their cybersecurity efforts. According to the report, financial cybersecurity is lacking in three key areas: security policy - firms fail to be proactive in their auditing of IT and IT security; accountability when moving company data - employees are often able to move company data to personal and home devices without accountability or tracking measures in place; disaster recovery - firms lack business continuity plans in place in case of emergency. The report also found financial firms don't properly vet third-party vendors before taking them on or use ones with inadequate technology.
- Frost & Sullivan explored the changing global dynamics that are driving security stakeholders to re-evaluate resources and operational requirements to protect against a range of evolving threats - from traditional terrorism and crime to emerging threats from cybersecurity, information and unknown groups. In response to these challenges, Frost & Sullivan identified the top five mega trends in the security industry that it believes will shape the way in which governments will protect their citizens and critical assets in the future.
- PwC's recent EMEA FS conference in Barcelona dedicated one of its sessions to the 'Game of Threats'. To inspire executives to invest in the outcomes, Game of Threats engages players with high-intensity action and taps into their natural desire to defend their systems and defeat threat actors that target their companies. Players are divided into teams of 'company and threat actors', with intense competition on both sides, as our participants discovered after playing the game. The game challenges players to make quick, high-impact decisions with minimal information. This high-pressure environment is used by PwC to help executives assess their readiness to respond to a breach and practice striking the right balance between taking action and ensuring that the necessary cybersecurity resources are available and properly used.
October 2015
- The deputy director of the US National Security Agency (NSA) warned of the increasing danger of destructive cyber attacks by states. He told the BBC: "If you are connected to the internet, you are vulnerable to determined nation-state attackers." He said nations would need to identify red lines that should not be crossed, and also said that agency targets, numbered in "the high hundreds", had discussed leaks by contractor Edward Snowden, with some changing their behaviour.
- Organisations in the Asia-Pacific region were forecast to spend $230 billion to deal with cybersecurity breaches in 2014 — the highest amount for any region in the world, according to International Data Corporation (IDC) and the National University of Singapore survey, as reported in Marsh’s “Cybercrime in Asia” 2014 report.
- Analyst firm Frost & Sullivan forecast the cybersecurity market in Australia and New Zealand to reach revenues of more than $1.6 billion (USD) by 2019. This is up from a little over $590 million in 2012.
- India has the world’s second largest population, and a very small cybersecurity economy. But they are a nation to watch for cybersecurity market growth. According to a PwC report cited in The Economic Times, India’s cyber security market size will jump to $1 billion USD in 2015 (from an estimated $500 million USD last year).
- Cybersecurity experts criticised the safety of UK-based TalkTalk's systems after the telecoms company was hit by a "significant and sustained" cyber attack which has put personal details of up to four million customers at risk. The broadband provider admitted some of the data was not encrypted, meaning the cyber criminals may have gained access to people's bank account details, passwords, home addresses and telephone numbers. The company said it had received a ransom demand from someone claiming to be responsible for the hack.
- A key cybersecurity partner of EY, US-based iSIGHT, is expanding its Australian presence. It plans to double its Australian headcount (of 10) within six months, after opening its first office in September. iSIGHT will be hiring for research, analytical, sales support and channel management roles. iSIGHT’s intelligence products can be integrated with third party offerings and the firm says it is currently tracking over 70,000 ‘threat actors’ in 17 languages using “signals intelligence, open-source intelligence collection and feet on the street”.
- KPMG Capital announced that it had taken an equity stake in Norse Corp., a leader in live attack intelligence solutions which help companies pre-emptively block cyber-attacks, track emerging threats and detect compromises. Norse is the latest investment in KPMG Capital’s first global fund focused on accelerating innovation in data and analytics. KPMG Capital was the lead investor in California-based Norse’s latest Series A1 round of funding. The $11.4 million total raised in the round will be used by Norse to bolster the company’s product development efforts and accelerate expansion in high-growth markets.
- A rash of hacking attacks on US companies over the past two years has prompted insurers to massively increase cyber premiums for some companies, leaving firms that are perceived to be a high risk scrambling for cover. On top of rate hikes, insurers are raising deductibles and in some cases limiting the amount of coverage to $100 million, leaving many potentially exposed to big losses from hacks that can cost more than twice that.
- Women represent just 10% of the cybersecurity workforce, according to a report released by (ISC)², a nonprofit specialising in IT, and Booz Allen Hamilton. This figure has remained unchanged for two years. Despite the stagnant numbers, the report finds that great potential for women in the industry exists. Women make up 20% of all information security workers in governance, risk and compliance roles, an area of the industry that has been increasing heavily since 9/11. The survey additionally found that women are perceived to be stronger at balancing business objectives and risk management, a skill increasingly valued in the sector.
- Europol said in a new report that it believes bitcoin could become the go-to currency for digital criminals in the region. The European Union's top law enforcement agency released its Internet Organised Crime Threat Assessment for 2015, outlining its view of the top cybercrime threats facing the EU.
- The Federal Bureau of Investigation is looking to enlist teenagers in its fight against cyber crime before they are lured into high-paying private sector jobs or fail background checks by smoking marijuana.
- ETF Securities, a London-based issuer of exchange-traded funds, partnered with US-based index provider ISE ETF Ventures to launch the first European-listed ETF to offer pure-play exposure to the fast-growing cybersecurity sector. Listed on the London Stock Exchange, the ETFS ISE Cyber Security GO UCITS ETF is linked to ISE Cyber Security UCITS Index, providing investors with a simple, liquid and cost-effective way to gain access to this high profile and increasingly important sector, which is forecast to grow at a compound annual growth rate of 9.8% to $170bn by 2020.
- Capgemini announced a global alliance partner relationship with Fortinet®, a leader in high performance cybersecurity solutions. Through this relationship Capgemini will further reinforce its cybersecurity services portfolio leveraging Fortinet products to help reduce customer cybersecurity costs and increase the resilience of clients’ infrastructure and applications. This alliance allows enterprise organisations to benefit from the combination of Fortinet’s expertise in innovative and effective security products and Capgemini’s cybersecurity services, on a global scale.
September 2015
- For organisations across all industries and geographies, cybersecurity has become a high-priority topic over the past two years since Kennedy Consulting Research & Advisory last examined the cybersecurity consulting market. Cyber attacks are not only more prevalent and sophisticated, but also cost organisations more in damages – 23% more in 2014 over 2013, which has left them struggling to cope with the challenges that accompany greater cybersecurity vulnerability.
- A recent agreement by US and Chinese Presidents Obama and Xi marks for Eurasia Group a significant step forward in the relationship and makes the near-term risk of sanctions less likely. The two sides agreed not to “conduct or knowingly support cyber-enabled theft of intellectual property, including trade secrets or other confidential business information, with the intent of providing competitive advantages to companies or commercial sectors.” The fact that Beijing agreed to this language is an unexpected breakthrough only made possible because the Obama administration demonstrated that it was extremely serious and willing to move forward with sanctions imminently, unless Beijing made public concessions.
- Deloitte has "absorbed" Oracle-specialist cyber risk consulting firm Qubit and its 22 employees, with its founders becoming Deloitte partners as of October 1st. Qubit was founded in 2005 and last financial year had revenues of $5m. Deloitte's cyber risk services leader, Tommy Viljoen, indicated that Qubit won't be the last acquisition in this space, "Acquisitions will be focused on all areas of the digital portfolio, but we have a massive investment happening in the cyber space, including a new cyber intelligence centre, which we are putting millions into. We just don't see the other large accounting firms as being our rivals these days. We see the broader tech group being the rivals. Our focus has changed as we have moved away from the others."
- The Securities and Exchange Commission needs to be “much more active” in pushing businesses to boost their cyber defences in the face of growing threats, according to one of the market regulator’s policymakers.
- Deloitte launched a Cyber Security Operations Centre in Malaysia, offering security monitoring, incident response and cyber war gaming. The security centre will work with Deloitte member firms around the world to provide around the clock protection across all time zones. In addition to bolstering cyber security, the centre has an advanced preparedness technique that simulates a potential cyber attack - allowing organisations to evaluate their cyber incident response preparedness and identify cyber incident response capability gaps.
- 81% of health care executives say that their organisations have been a victim of at least one malware, botnet or other cyber-attack in the last 24 months, according to the results of KPMG’s 2015 Healthcare Cybersecurity Survey. Only half feel that they are adequately prepared to prevent future attacks. Larger organisations appear to be better prepared than smaller ones. According to the study, the area of greatest vulnerability is external attackers (at 65%), sharing data with third parties (48%), employee breaches (35%), wireless computing (35%) and inadequate firewalls (2%).
- A strategic alliance between EY and Los Alamos National Laboratory will allow EY to offer Los Alamos’ unique behavioural analysis cybersecurity tools to respond and quickly counter attacks. An announcement stated, “The alliance comes at a watershed moment when increasingly sophisticated cyberattacks are inflicting significant economic, social and even political damage to US organisations. The tools developed by Los Alamos and delivered to the private sector exclusively by EY LLP can help counter these threats by detecting them before they do deep and lasting damage.” “We are very excited to be working with Los Alamos as part of our overall mission to transition their heritage of national cybersecurity and innovation to the private sector, and arming our clients with the most advanced tools and resources to combat cyber-threats,” added the EY Americas Advisory Vice Chair. “This collaborative approach is reflective of our global strategy to help organisations manage cybersecurity better and doing our part to build a better working world.”
- Cybercrime is costing UK businesses around £2.8bn annually, a report from insurer Allianz Global claimed. The global economy is also feeling the impact to the tune of £289.6bn annually, the insurer added. As a result, the cybersecurity insurance sector is forecast to be worth more than £13bn worldwide by 2025 according to the report, which stated that risks are evolving far beyond privacy issues.
- Cyber attacks are becoming more "technically sophisticated", often infiltrated onto networks in stages and lying inert before the cyber attackers strike, making them harder to detect, warned security software vendor McAfee. "The majority of security breaches during the past few years have been readily detectable. They were sophisticated in their planning, targeting, stalking, and execution; some were even highly technical or evasive," it claimed, adding that "we have seen a change during the past two years, with a significant increase in the number of technically sophisticated attacks. Many of these have been designed purely to evade advanced defences. They are infiltrating in pieces, hiding in seemingly inert code, and waiting for an unprotected moment to emerge".
- Historical, political, and societal factors have turned Israel into an epicentre of security innovation, attracting companies like Microsoft. In recent months, and especially since the nuclear deal with Iran, there has been a strain between the U.S. and Israel. Despite this, one area where the ties remain close is cybersecurity, with the two parties even cosigning a statement committing to continued cooperation on that front last month. A regional power devoted to ensuring its own survival, Israel has burgeoned into a high tech epicentre built around Internet security, anti-virus software, and other cyber defence technologies.
August 2015
- After recent high profile cyberattacks on businesses around the world, including the Ashley Madison data hack, the US Institute of Internal Auditors urged companies and organisations to take a more holistic view of cybersecurity, by recognising the critical role of internal audit. The institute, along with the Institute of Internal Auditors Research Foundation, published a report called the Internal Audit’s Role in Cyber Preparedness: The Importance of a Holistic Approach. This maintains that organisations must learn to anticipate, withstand, and recover from cyberattacks, and that a key element in this approach is for boards and audit committees to understand the tools and resources available to their organisations when crafting cybersecurity strategies, policies, and protocols.
- Deloitte and Exelon, a leading US competitive energy provider, announced their collaboration to protect the reliability of the Bulk Electric System with the implementation of the North American Reliability Corporation (NERC) Critical Infrastructure Protection (CIP) Version 5 standards. Cybersecurity is constantly evolving and regulatory requirements periodically adjust to update standards for security measures. The NERC CIP Standards are part of the utility industry's regulatory requirements designed to promote reliability of the Bulk Electric System, and are changing the way utilities address cybersecurity controls.
- Accenture acquired FusionX, a Washington, DC-based cyber security company that has a fundamentally differentiated approach to cyber attack simulation, threat modelling, cyber investigations and security risk advisory services. The acquisition will further strengthen Accenture’s Security practice and help clients accurately assess their ability to protect against, detect and, where necessary, respond to sophisticated and sustained cyber attacks.
- Cybercriminals are exploiting publicly available information and weaknesses in corporate email systems to trick small businesses into transferring large sums of money into fraudulent bank accounts, in schemes known as “corporate account takeover” or “business email fraud.” Companies across the globe lost more than $1 billion from October 2013 through June 2015 as a result of such schemes, according to the Federal Bureau of Investigation. The estimates include complaints from businesses in 64 countries, though most come from U.S. firms.
- PwC announced a strategic partnership with security and systems management expert Tanium which will see the firm offering specialist software to help major companies tackle cyber attacks and insider threats. PwC said it has been working closely with Tanium for two years, making use of the company’s platform which it says gives security and IT operations teams 15-second line of sight and control over every endpoint, even across the largest and most complex global networks. Under the new partnership, PwC will introduce Tanium Accelerators to its cyber security practice, helping organisations with everything from threat intelligence to incident response and remediation to data privacy impact assessments and integration consulting.
July 2015
- A new paper from Accenture, Business resilience in the face of cyber risk, questioned some 960 C-level executives, and 63% of them indicated that their company was hit by “significant cyber-attacks” on a daily or weekly basis. The vast majority of the executives, however, believed that their firm’s cyber-defence measures were robust enough to cope, with 88% claiming this was the case.
- The banking industry has poured hundreds of millions of dollars into securing its networks, claimed the Financial Times. They have hired thousands of the brightest tech minds, plucking former intelligence officials from spy agencies and combing the networks of the Chaos Computer Club, Europe’s largest association of hackers, for recruits. Besides the obvious financial incentives for hacking banks, the sophistication of their security makes them a tempting target. The Financial Times interviewed top security officers at some of the world’s largest banks, but none would speak on the record for fear of prompting reprisals from hackers. And yet serious breaches happen.
- In Why Cybersecurity Is So Difficult to Get Right, Harvard Business Review warned that it now seems like hardly a week goes by without news of a data breach at yet another company. And it seems more and more common for breaches to break records in the amount of information stolen. So HBR tried to answer key questions for companies trying to secure their data, such as where should they start and what should they think about?
- EY US acquired Mycroft, a leading provider of cloud-based identity-as-a-service (IDaaS) and identity and access management (IAM) services. EY says the deal will expand its ability to help clients safeguard corporate assets from the increasing threat of cyberattacks by supporting secure access to critical applications and data. EY will immediately go to market with a cloud-based IDaaS and IAM managed services offering. This US acquisition is the latest in a series of cybersecurity deals by the firm, with $20 million earmarked for EY’s recently-launched Managed Security Operations Center (SOC), a global initiative designed to provide 24/7 tools and support to secure businesses around the world. The Mycroft team will join EY’s global cybersecurity group, which the firm expects to increase by 600% through 2020.
- Investors are eager to gain exposure to the cyber security industry as they expect it to boom following high-profile attacks, such as the recent data breaches at the US Office of Personnel Management, Anthem healthcare and Sony Pictures, according to the Financial Times.
- Selected recent cybersecurity headlines from our competitors: Consumers rate energy providers higher on data security than energy-consumption advice (Accenture); EY launches first-of-its-kind managed security operations centre; EY and University of Technology, Sydney (UTS) form alliance to tackle financial services issues such as cybercrime, customer retention and risk; Financial services firms to increase risk-management investment during next two years in response to emerging cyber-security and fraud risks (Accenture) and Senior security heads do not trust cyber insurance products (KPMG).
- China's parliament published a draft cybersecurity law that consolidates Beijing's control over data, with potentially significant consequences for internet service providers and multinational firms doing business in the country. The document strengthens user privacy protection from hackers and data resellers but elevates the government's powers to obtain records on and block dissemination of private information deemed illegal under Chinese law. Citing the need "to safeguard national cyberspace sovereignty, security and development," the proposed legislation will allow China to bolster its networks against threats to stability and better regulate the flow of information.
- PwC US and CSO released the 2015 U.S. State of Cybercrime Survey. The survey revealed that despite a year of highly public and destructive cyberattacks, few organisations’ cybersecurity policies and processes are providing better protection than a year ago. However, this year’s findings show government agencies and corporate boards of directors are taking an increased role when it comes to cybersecurity practices. More than 500 executives from U.S. businesses, law enforcement services and government agencies share their views in the survey.
- Cyber risk is the top concern for UK insurers, followed closely by the global concern of burgeoning regulation. This is according to the annual ‘Banana Skins’ survey of perceived risks to the sector by the Centre for the Study of Financial Innovation and PwC.
- The latest PwC Central Cluster Master class was run at the end of June, delivering two days of Cyber Security training to 20 directors and senior managers. Some of the highlights include: cyber security is one of the top three topics on most CIOs' agendas; there is huge opportunity in cybersecurity FS across EMEA and globally; it is estimated that the annual cost of cyber crime to the global economy is in excess of $375 billion; our largest banks have budgets in excess of €100m to build their cyber security defence capabilities; and 79% of B&CM CEOs see cyber risk as the biggest threat to growth. The session covered the following key topic areas: what is the cybersecurity challenge?; security assessment, strategy and transformation programme; identity and access management; threat intelligence, network monitoring & incident response; data protection and privacy; and digital channel security.
June 2015
- Investors have this year pumped more than $1bn into an exchange-traded fund that tracks cyber security stocks as they clamour to bet on a booming industry following high-profile hacks and data heists. The passive investment vehicle, with the appropriate financial ticker HACK, was only launched in November but crossed the $1bn mark in size this month, according to ETF.com, a data provider, as investors ignored its relatively expensive fees and placed bets on the online security industry’s future.
- Chris Gould was appointed to head EY’s cybercrime group in the UK. Prior to joining EY, Gould led PwC’s Cyber Security practice in Central and Eastern Europe. EY’s Forensic Technology practice was launched in 2008, and has grown to a £30m business with 130 staff. EY expects to nearly triple the size of that practice in the next five years to meet client demand. Paul Walker is the lead Partner and Head of Forensic Technology in the UK.
- Cybersecurity isn’t what it used to be, argued Deloitte. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession - but no longer. Now, the user experience must be considered, as well. Digital is poised to pervade every facet of life not only because it makes living easier, but also because it’s fun - by design. Likewise, to do security right, companies have to ask not just whether it works, but if it’s user-friendly - simple to navigate, reliable and pleasurable to use. To get there, cybersecurity professionals might ask what they can learn from other professions.
- Still in the UK, a Tripwire survey asked which cybersecurity events had had the most impact on the awareness of boards. A security breach came first with 35% - not surprising perhaps - but specific external incidents also seem to have had a major impact. The Heartbleed vulnerability was mentioned by 19%, the Sony Pictures and Target breaches by 17% each, and the Snowden leak by 8%.
- The UK public is increasingly concerned by the threat of cyber-attacks and terrorism to the UK, according to the results of PwC's latest report – Forces for change: the public’s view of defence. We surveyed 2,000 people and found that ten times as many people (65%) think terrorist and non-state groups and cyber-attacks are the biggest threat to the UK – just 6% believe the biggest threat is war with another state. However, the results also show that the armed forces tops the list of the UK’s most trusted institutions. The report found that a majority of people (53%) would like to see the UK’s military strength increase in the next 20 years.
- EY is investing $20m to create a central Managed Security Operations Centre capable of predicting and mitigating cyber attacks. The five-year investment will provide the facility with several technical upgrades and increase the security team's size six-fold to have upwards of 1,200 skilled IT security professionals. The centre will aim to offer traditional log aggregation and monitoring capabilities, and a "unique integration of commercial off-the-shelf tools" designed to offer "deep insight into a wide range of technologies within customers' networks". EY will also offer customers an advanced security analytics platform "with a client portal to help ensure its team has full visibility of the operation of the managed centre".
- EY identified a number of key findings about the CFO’s role in managing cybersecurity: threats are increasing in volume and sophistication, and breaches can have multimillion dollar implications; cyber attacks are highly strategic, and increasingly target manipulating shareholder value; 66% of CFOs make cybersecurity a high or very high priority; 35% of CFOs who say that cybersecurity is a “very high priority” report much greater collaboration with the CIO (only 18% of those that don’t make cybersecurity a very high priority report the same increase in collaboration with the CIO).
- Inside PwC, a team from the Netherlands won the PwC Europe Innovation Challenge with its 'Cyber Business Review' proposition. This found that it is becoming clear that cyber risks have a strategic impact and will never be completely eliminated. Our clients need to protect their crown jewels by combining cyber defences and risk finance solutions. With Aon we provide a unique combination of cyber assurance and insurance expertise. The Cyber Business Review is aimed at CFOs and CEOs and gives insight into cyber defence and insurance maturity, quantification of cyber impact using key (non-)financial indicators, and a roadmap to improve cyber risk mitigation through a combination of “improving” and “insuring”.
May 2015
- Cybersecurity isn’t what it used to be, Deloitte's global chief information security officer told the Wall Street Journal. Safeguarding the information of companies and customers used to be the sole concern for those in the IT security profession - but no longer. Cybersecurity professionals need to ask what they can learn from other professions.
- China’s state secrets are set to be more effectively secured with a far-reaching five-year state-run cybersecurity programme, announced against the ever-growing cyber confrontation with the US. The plan is expected to refocus software purchasing by national government agencies and institutions on domestically-developed products. State-owned enterprises, financial institutions and government departments should improve software security, said the director of the ministry's software bureau.
- Many CIOs across industries struggle to answer questions about cyber risk posed by their executive teams and boards of directors: How likely are we to experience a damaging attack? How effective are our existing risk mitigation measures? If we spend $20 million more on cyber risk mitigation, how much would that reduce our risk? In the interest of helping organisations answer these and other questions, members of the World Economic Forum’s Partnering for Cyber Resilience initiative recently proposed a working model for measuring and quantifying the impact of and exposure to cyber threats. Known as cyber value-at-risk, the model provides a starting point for quantifying risk and attempts to inject more discipline into that process, although it requires further refinement and field testing.
- According to KPMG, cyber criminals are increasingly focused on information. They will be eyeing what data you have, what it’s worth and how they can extract it. It’s important to understand that mentality so you can better protect against potential attacks. It’s equally important that everyone takes ownership of cyber security. For KPMG, cyber security is not an IT problem. Whilst IT is a key component of any solution, it is a strategic risk issue that should be considered from the board level down. It has to be tackled with a ‘Tone from the Top’ approach.
- Cybersecurity is the top concern for nearly half of the companies in the global financial services industry (46%), with 80% of respondents from the sector rating it as a top five risk overall, according to the Depository Trust & Clearing Corporation's Systemic Risk Barometer Study. The cybersecurity rating has almost doubled in just one year as security incidents continue to rise across the financial markets and other key industry sectors, with specific respondent feedback citing the growth in the “frequency and sophistication of cyber attacks”.
- Some 42% of small and micro businesses in the UK report having experienced cybercrime, according to a study by the Association of Accounting Technicians. However, the research also revealed that many of those businesses are not taking the precautions they should to protect themselves. Of the respondents affected, 23% had suffered virus infection to their business computers and 22% had been victims of phishing – where sensitive information such as passwords is stolen by someone pretending to be a legitimate organisation.
- Capgemini asked the question: who exactly is responsible for cybersecurity? Is it government's responsibility in the laws, policies and guidelines it creates? Are businesses in the private sector, which take our credit card and personal details and store them, to be held accountable for both internal breaches and external attacks? Or is it down to us, the consumer, to choose our passwords wisely and keep our information safe? The truth, concluded Capgemini, is that for a security policy to be successful, everyone involved at each stage of an online transaction has to take a certain amount of responsibility and work together to achieve the common goal of protecting society from malicious hackers.
April 2015
- Accenture analysed three key areas in which "leapfrog companies" excel and explained how to improve a company’s information security stance; read The Cyber Security Leap: From Laggard to Leader.
- PwC published a new deck capturing telecom sector trends in 2015 and the cyber risks that could potentially emanate from such trends. The implications of these telecom trends and the triggers to telecom security breaches are identified. The deck concludes with respective enablement and opportunities that can be recommended to Telecom clients.
- According to EY, cyber criminals have changed and the CFO now needs to approach cybersecurity as they do other major risks.
- Cybercrime may now be bigger than the drug trade, and the police do not have enough resources to tackle it, according to the City of London police commissioner. Detectives believed that only one in five cybercrimes was reported, and of those only another one in five received a proper response from law enforcement agencies. Cybercriminals were also becoming more proficient in stealing and extorting money online.
- Cybersecurity start-ups raised more than $1bn for the first time in a single quarter as investors bet on them benefiting after several high profile attacks by hackers on large companies. Venture capital firms including Andreessen Horowitz and Kleiner Perkins, as well as VC arms of banks and technology companies, are pouring money into the sector as they anticipate rapid growth in cyber security budgets. Funding for cyber security companies hit $1.02bn in the first quarter, up from $540m for the first three months of last year and almost double the same period of 2014, according to data from private company research firm PrivCo.
- A new Financial Times report on cybersecurity argued that technological advances, rising global tensions and human failings are making it ever more vital to improve cyber security.
- Corporations are desperate for support against fast-changing cyber threats but, so far, many feel they must rely on private cyber security companies rather than government or law enforcement. The answer lies not only in technological solutions, which governments often find difficult to implement, but also in people and processes, cyber experts argue throughout a new Financial Times special report.
- Deloitte and Verizon Enterprise Solutions announced a strategic alliance to deliver a comprehensive set of security and risk-management solutions to help businesses prepare, respond and recover more efficiently, effectively, and thoroughly when a cyberattack occurs. The Deloitte/Verizon alliance will leverage the strength of Verizon's global computer forensics, incident response, and investigation services in conjunction with the breadth and depth of Deloitte's cyber risk advisory services designed to fortify businesses in the areas of governance, strategy, business operations, risk and compliance, and remediation to deliver an end-to-end incident response experience.
- The role of sanctions is expanding to deal with cyber-crime explained that the US is authorising sanctions to penalise individuals, businesses and governments that "engage in malicious cyber-enabled activities" that undermine U.S. security and financial stability. "Cyber threats pose one of the most serious economic and national security challenges to the United States, and my Administration is pursuing a comprehensive strategy to confront them," President Obama said in a written statement announcing the new sanctions regime.
March 2015
- EY published Cybersecurity and the Internet of Things, which found that the number of connected devices in circulation being used for the vast amount of interactions has created further challenges in data privacy, data protection, safety, governance and trust. Taking all of these factors into consideration, EY sees both opportunities and challenges which require close attention and, in particular, the need for a comprehensive strategic approach to cybersecurity. This report highlights why being in a proactive position to anticipate and mitigate cyber threat is one of today’s most important business objectives.
- Transforming cybersecurity: New approaches for an evolving threat landscape, which found that cyber attacks on financial services companies are both increasingly diverse - and therefore unpredictable - and are also here to stay. Many of these continue to be driven by financial gain. However, the ranks of attackers have increasingly grown to include others with social or political agendas that seek to destroy systems or create market havoc.
- PwC Singapore launched its own new Cyber Security Centre of Excellence. The centre aims to serve the business community both locally and in the region through the provision of research, training and skill development, information sharing, communication, awareness and policy, standards and international cooperation. It will be headed by Vincent Loy, cyber leader, PwC Singapore, who added that as Singapore moves closer to becoming a Smart Nation, the need for the right talent to ensure that the nation and our systems are well guarded against threats will become a growing imperative. PwC is working to build capabilities that will support businesses as they "go digital", he added.
- KPMG Australia will acquire Asia Pacific cyber security technology solutions business, First Point Global, as part of a global strategy to expand the firm’s cyber capabilities. The announcement marks the fourth cyber acquisition by the KPMG international network in the past five months. First Point Global specialises in identity and access management (IAM). Founding partners John Havers and Jan Zeilinga will join KPMG’s Cyber security leadership team and bring with them 30 professionals - the largest specialist IAM team in the country. The combined team, to be known as KPMG First Point Global, will offer clients a full spectrum of cyber services spanning consulting, systems implementation and ongoing support.
- The Financial Times claimed that while the concept of stealing money from a bank used to call up images of armed robbers breaking into a building to raid tills for cash, the reality now is that theft is largely undertaken by sophisticated hackers breaking into the digital channels of banks and their customers. As lenders open more digital routes through which people can bank, hackers have more pathways to target to siphon off money and steal customer data. The threat of cyber crime is pernicious.
February 2015
- In Cyber Security: The Thorn That Can Cripple The IoT, Capgemini argued that, as the Internet of Things continues to grow, internet enabled systems will become an increasingly attractive target for cyber attacks. The IoT is estimated to grow into a $600 billion industry by 2019, however growing security risks could undermine its business opportunities. In a survey conducted by Capgemini Consulting, 71% of the respondents agreed that security concerns will influence customers’ purchase decisions for IoT products.
- PwC's TICE group found that while TICE CEOs are optimistic about growth, they share the concern about the looming presence of cybersecurity threats. As we saw with the hack of US health insurer Anthem, these attacks are becoming increasingly sophisticated, and demand equally sophisticated security practices, as well as investment in data protection. In addition to the TICE findings from the CEO Survey, you can explore PwC’s cyber insights in the Entertainment and Media Outlook hot topic article on cybersecurity, the 2015 Global State of Information Security Study, the US State of cybercrime survey, and PwC's Cybersecurity blog.
- Kaspersky Lab, the Moscow-based cybersecurity firm, reported that a criminal gang with members from Russia, China and Ukraine had hacked into bank systems in 30 countries and stolen up to US$1 billion. It did not name any of the banks that it says were targeted, and none has come forward to confirm they were robbed.
- PwC UK partnered with Lloyd’s syndicate, AEGIS London, to launch the first cyber insurance product, CyberResilience+. CyberResilience+ allows PwC to provide cyber incident response and forensic services to existing insurance policies provided by AEGIS London such as property damage, bodily injury, environmental pollution and cyber terrorism.
- Capgemini has introduced a consolidated security service called Cybersecurity Global Service Line, integrating its expertise in cybersecurity. The service line includes 2,500 consultants, ethical hackers, auditors, architects, and R&D specialists from the company, along with its network of five Security Operations Centres and technology partners. The new portfolio is designed to allow organisations to use SMACT technologies (social, mobile, analytics, cloud and internet of things) in a better way and embrace the digital transformation.
- How to fight cyber crime is a new presentation from the London Business School.
- Security professionals warned businesses not to rely on cyber insurance in the face of increased cyber attacks. The warning came after the head of the largest Lloyd’s of London insurer said cyber attacks are now so dangerous to global businesses that governments should step in to cover the risks. The founder of insurer Catlin Group said cyber security presented the biggest, most systemic risk he has come across in all of the 42 years he has worked in insurance.
- When a company’s suppliers get it right, they provide good value and innovation to go with the product or service. When they get it wrong, however, they can become a source of financial and reputational damage - or even a back door for cyber criminals. It is a risk to which few boards seem to be alert, according to a partner at Socia, a leadership organisation. But with companies becoming more reliant on third parties to deliver products and services, acquiring that overview is a strategic imperative.
- Deloitte opened a national Cyber Intelligence Centre in Australia which will link in with existing centres in the UK, Europe, Canada and the United States. Deloitte now has 17,500 cyber risk service staff globally, with 4,000 in the Asia Pacific. James Nunn-Price, who will lead and establish the Australasian arm of Deloitte’s chain of Cyber Intelligence Centres, established the firm's Cyber Intelligence Centre concept, overseeing its implementation in the UK in 2013. He was responsible for Deloitte’s overall information security, resilience and cyber advisory services to the UK Government. He also personally assisted the London 2012 Olympic Games leadership team with cyber incident response, crisis management and forensics.
- Embezzlement, blackmail, teams of undercover agents and the hacking of classified defence secrets are among the war-gaming scenarios being used to attract recruits and tackle the skills shortage in the UK’s cyber security industry, according to the FT. The scenarios, modelled on real incidents in the UK during the past six months, highlight the sensitivity of the issue. The UK is facing a critical shortage of skilled cyber professionals, experts warned, and the deficit is widening. At a government-backed competition organised by PwC, teams of would-be cyber security experts from a range of professions practised coping with an attack on a fictitious FTSE company whose systems had been the subject of a highly sophisticated attack.
- Terrorists will soon be able to launch advanced cyberattacks on critical national infrastructure, a leading security figure warned. World governments are “scared” of cyberwarfare and are not yet capable of deflecting cutting-edge hacks, according to Eugene Kaspersky, the founder and chief executive of Kaspersky Lab.
January 2015
- Executives at some of the world’s largest banks are pressing government officials to pursue cyber criminals more aggressively or let the industry off the leash to fight them directly. The topic shot up the agenda at the World Economic Forum in Davos this year, partly because of a series of high-profile incidents in the past 12 months, including the theft from JPMorgan Chase of data belonging to 75m US households.
- The World Economic Forum and its partners have developed a new way for organisations to calculate the impact of cyberthreats. The framework, called “cyber value-at-risk” comes at a time when cyberattacks are increasing in velocity and intensity, and when 90% of companies worldwide recognize they are insufficiently prepared to protect themselves against them. The proposed framework is part of a new report, Partnering for Cyber Resilience: Towards the Quantification of Cyber Threats, which was created in collaboration with Deloitte and with the input of 50 leading organisations from around the world.
- According to KPMG's Information Protection & Business Resilience, over the years states have learnt to settle their differences using diplomacy and arbitration. However, the cyber sphere is new and evolving and new approaches to solving disputes will need to be thought through. A question arises as to how these long-established and proven intergovernmental channels could be developed. Ensuring that low level cyber skirmishes do not escalate into full scale attacks on countries' infrastructure in this “new global context” raises the question of whether we need a UN “Cyber Security Council”.
- According to Forrester, 2014 was a watershed year for cybercrime, and companies of all sizes have noticed. Executives are now placing renewed emphasis on cybersecurity, and budgets are increasing accordingly. Chief information security officers (CISOs) must now apply these additional resources effectively, because there are also requirements to show that new expenditures will create positive results.
- KPMG made its third cyber security acquisition in four months: KPMG Finland has acquired 100% of Trusteq Oy, a 45-strong Finnish cybersecurity consulting company specialising in identity and access management services and security transformation projects. The move comes shortly after KPMG’s acquisition of two other security businesses - Qubera, a leading identity and access management consultancy operating in the US and UK, with an offshore capability in India, and P3 Consulting, a Frankfurt based security boutique.
- PwC's Richard Horne and Chris Potter were part of a panel that presented at the UK's Royal Institution on developments in technology and IT security over the last 20 years and what that means for the future.
- The Wall Street Journal warned that companies face an emerging threat: cyberextortionists. Hackers are increasingly stealing data from companies and holding it ransom.
- Targeted cyber attacks are up 91%, and over 552 million identities have been exposed via cyber breaches, claimed KPMG, looking at how cyber security attacks are on the rise, what kind of attacks are out there and how financial services, and investment banks in particular, can prevent and prepare for these attacks.
- The Economist cautioned that, after a traumatic year of spectacular cyber breaches, including the theft of the details of 83m JPMorgan Chase customers and of 56m credit- and debit-card records from Home Depot, few businesses should need reminding of the importance of computer security - yet working out what to do about these attacks is harder.
- A new breed of cyber security company is trying to lay traps to catch hackers and prevent damage, as old ways of preventing attacks are failing. High-profile attacks on companies show hackers have become master hurdlers, able to jump both the firewalls erected around a corporate network and internal fences. But companies are starting to use new approaches to deceive cyber criminals into attacking fake computers - complete with decoy software and files - to trap them. Hackers will be easy to spot because there is not meant to be any activity on the computers.
- PwC US has developed “Game of Threats,” an interactive role-playing game for clients that lets players gain experience honing their cyber-defence by participating in scenarios designed to mimic real-world attacks. The game underscores a practice becoming more common in the business world: assessing cyber readiness. PwC hopes the game will raise awareness of cybersecurity across all layers and divisions of a company.
December 2014
- There is a specific type of threat today for which many companies, in the view of the Boston Consulting Group, are significantly underprepared: the risk associated with IT and information management. As digitisation’s role in companies’ operations continues to grow - according to Wired magazine, “Cyberspace is becoming the dominant platform for life in the 21st century” - companies’ vulnerability to data theft, leakage of intellectual property, corporate sabotage, denial-of-service attacks, and the like is growing apace.
- Cyberattacks launched through toasters, dishwashers, watches and refrigerators are among the threats information security professionals anticipate as the “internet of things” becomes a reality. Consumers can already buy products that turn their smartphones into increasingly powerful remote controllers and there have already been recorded instances of home appliances being exploited by hackers. Earlier this year, 750,000 spam e-mails were traced back to a “thingnet” of more than 100,000 gadgets that included televisions, home entertainment centres and even at least one refrigerator.
- 2014 was a year for revelations about cyber attacks and data breaches at major companies like Sony, JP Morgan Chase, Home Depot and a host of others. But there also have been a lot of incidents at NGOs and government agencies, according to the chief research officer of SecurityScorecard, a US-based firm that analyses clients’ security vulnerabilities.
- The UK is particularly at risk when it comes to cybercrime, argued PwC. It is rich, its infrastructure for moving money around is slick, and it is saturated with technology. Over 60% of the population use smartphones. More than 80% of households are connected to the internet. Three-quarters of them shop online. According to PwC, 69% of companies in Britain experienced a cybersecurity incident in the past year, compared with 59% globally.
- A report by CloudEntr, which canvassed the opinions of 438 IT pros across 20-plus different industries, found that 77% believe staff members are the weakest link in their security infrastructure, and a liability when it comes to cloud usage. Just over half of those surveyed also said that employee use of cloud-based services had made their organisation less secure – and when questioned about what their foremost worry was when it came to cloud security, 75% said it was the possibility that staff might be unwittingly exposing company data.
- Cyber attacks are on the rise, so are private companies doing enough to protect themselves, asked PwC's Private Company Services (PCS) practice. Cybercriminals are increasingly targeting midmarket companies and startups in hopes of easy access. The cost to a business can be high, ranging from financial loss to reputational damage. With heightened awareness, however, private companies can fight back.
- PwC France's recently launched X-LoS Cybersecurity Hub brings together the skills of Consulting (including Luxembourg) and Risk Assurance. It addresses the growing need for companies to address cybersecurity, and aims to help them better manage the risks associated with their activities. As part of this initiative, a new lab has been created to enable the team to carry out intrusion tests amongst other things. Some of PwC France's clients have already visited it to witness simulations of cyber attacks.
- Cybercriminals are increasingly targeting midmarket companies and startups in hopes of easy access, according to new PwC research. The cost to a business can be high, ranging from financial loss to reputational damage. However, with heightened awareness, private companies can fight back.
- EY research found that most organisations (67%) are facing rising threats in their information security risk environment, but over a third (37%) have no real-time insight on cyber risks necessary to combat these threats. EY encourages organisations to embrace cybersecurity as a core competitive capability. This requires keeping the organisation in a constant state of readiness, anticipating where new threats may arise and shedding the “victim” mindset of operating in a perpetual state of anxiety.
- Cyber criminals have been discovered hacking more than 100 companies, investment advisers and law firms in search of market-moving information about deals, according to researchers at cyber security company FireEye. The ‘FIN 4’ group uses targeted emails containing malicious links and downloads to get passwords for board level executives and corporate development teams, most of them US-based, as they conduct talks concerning mergers and acquisitions. Up to five organisations per deal have been hacked to build a picture of the chance of a deal’s success.
- Businesses in China and Hong Kong face increasing losses from information security breaches, said PwC's Global State of Information Security Survey. Average losses from security incidents increased by 33% this year to US$2.4 million. "While the survey confirms our concerns that the financial impact of detected security incidents is increasing rapidly, many more attacks are either going undetected or unreported," claimed Samuel Sinn, PwC China risk assurance partner.
November 2014
- In the UK, EY launched a 20-strong team, including accountants, to support businesses pursuing private prosecutions for fraud and economic crime. EY’s head of fraud investigations and disputes, John Smart, said that cases brought by overstretched prosecutors like the Serious Fraud Office can take 4-6 years, while private prosecutions can be much quicker.
- In Leading cyber risk management in a smaller, more perilous world: A secure, vigilant, and resilient approach, Deloitte claimed that, by bringing the cyber element into an integrated risk management approach, it is helping clients around the world protect their data, their brands, and their organisation's value. When its member firms’ Security and Privacy practices became Cyber Risk Services in 2014, it was more than a name change, Deloitte claims; it signalled a new dialogue and approach to the problem, distinguished by member firms’ abilities to bring the cyber element and a deep regulatory understanding into an integrated business risk management approach.
- In Germany, KPMG acquired cybersecurity firm P3, which specialises in security assessments, mobile and fixed network protection and risk management for financial services clients. The acquisition adds four partners and 100 staff to KPMG's cybersecurity team in Germany, and comes hot on the heels of the firm's Qubera Solutions acquisition.
- PwC UK launched an all-encompassing emergency service for businesses under cyber attack called BreachAid. This new global data privacy and protection practice and accompanying website is now available to clients. Our cyber-security and crisis-management experts are often called in by organisations to simulate cyber attacks to help them identify their vulnerabilities and to respond to incidents identified. The new service offers immediate help to organisations globally facing a security issue, including identifying and responding to a breach or leak, crisis management in the event of an incident, tackling the aftermath and handling any legal requirements. We have moved quickly to establish a leading position in the market as we seek to help businesses prepare for new regulation – set to be finalised by the EU in 2015 – which will lead to greater disclosure of security incidents in Europe.
- Google, eBay, Facebook, Yahoo!, Foursquare and Microsoft allegedly want nothing to do with a proposed new EU cybersecurity law. In an open letter to Europe’s telco ministers, CCIA (the Computer & Communications Industry Association) said the proposed Network and Information Security (NIS) Directive should exclude internet enabling services and focus on “truly critical infrastructure”. When the law was first proposed by the European Commission, it included rules for so-called "enablers of information society services" aimed at online giants such as Google, Amazon, eBay and Skype. However, the European Parliament changed the text so that the rules will now apply only to companies that own, operate or provide technology for critical infrastructure facilities.
- EY noted that reports in the media regularly illustrate that cyber threats are increasing in their levels of persistence, sophistication and organisation: the damage caused by a cyber attack can severely impact a business. In its new Global Information Security Survey 2014, EY discovered that organisations are making progress on building the foundations of cybersecurity - and this progress is important - however, most respondents report having only a “moderate” level of maturity in their foundations. When it comes to cybersecurity, clearly there is still a lot to do.
- Symantec Corp, a security, storage, backup and software services provider, in alliance with Deloitte, announced a cyber threat vulnerability management service. The integrated offering will pair Symantec's cyber intelligence and information protection technologies with Deloitte's consulting services to help businesses address concerns around cyber security.
- The European Union vigorously attacked its own networks in what an agency called the “largest and most complex” cybersecurity exercise ever in Europe. The European Union Agency for Network and Information Security (ENISA) organised the event. A forthcoming report will show how well a new set of EU procedures on sharing cyber threat information held up during the test crisis.
October 2014
- Banks are among a new wave of companies including technology and industrial conglomerates taking stakes in cyber security start-ups in the hope that they could play a key role in the fight against hackers. Corporate venture arms have more than doubled their investment in cyber security in the past two years, according to data from CB Insights, with technology companies such as Google, Intel and Cisco leading the way. But financial services companies – which are being targeted by cyber criminals as can be seen from the recent JPMorgan Chase attack – have also been eager to invest in security start-ups.
- The Telegraph warned that cybersecurity attacks could be the next big banking scandal. If over-exuberance and risky lending has been the biggest threat to the sector in the last 10 years, the major worry over the next decade is that customers’ sensitive financial data will be compromised on a wide scale, or that hackers could bring down the financial system.
- There are only "around 100" cybercriminal kingpins behind global cybercrime, according to the head of Europol's Cybercrime Centre, who said that law enforcers needed to target the "rather limited group of good programmers. We roughly know who they are. If we can take them out of the equation then the rest will fall down".
- KPMG acquired certain assets of Qubera Solutions, a leading privately-held cybersecurity firm that provides identity and access management (IAM) services to large global companies. KPMG says the transaction strengthens the security transformation capabilities of network firms in Cloud Identity Federation, Identity as a Service, Identity Governance and IAM solution implementation. This transaction follows the acquisitions of Cincinnati-based technology-consulting firm Zanett Commercial Solutions, digital and mobile technology firm Cynergy Systems and Link Analytics.
- BCG warned that, as value creation becomes increasingly digitised across the corporate landscape, virtually all companies are becoming more vulnerable - and concerns are rising. Healthcare companies, telecommunications businesses, media companies, public-service organisations, and industrial and consumer goods businesses rich in intellectual property are all increasingly likely targets that have much to lose if their IT systems and information are not sufficiently secure.
- Cyber attacks are causing painful headaches for companies large and small. But for one corner of the financial services industry, the electronic intrusions present a business opportunity. Insurers are expecting to write more policies that allow companies to manage the financial fallout when their systems are compromised.
- Corporate cyber security budgets are falling despite a huge rise in the number of attacks and an increase in the financial losses they cause, according to a new report from PwC. Global security budgets fell 4% in 2014, compared with the year before, according to the survey of almost 10,000 executives and IT directors. But the number of reported security incidents increased 48% to 42.8m, the equivalent of almost 120,000 attacks a day. PwC estimates the average cost of managing and mitigating breaches rose to $2.7m per incident, over a third more than in 2013.
September 2014
- According to the UK Management Consultancies Association, there is a boom in cyber and digital security: a quarter of all management consultancy in the UK now involves digital work - and firms are redeploying their consultants to meet the demand.
- According to the recent Cyber Security - insights from GRP Hot Topic call, PwC now has approximately 1600 cyber specialists working in over 60 labs around the globe. This is a US$250m business globally with ambitions to reach $1bn by 201. The goal is to capture 4% of the addressable market in various aspects of cyber as a global business, through both organic and inorganic growth (e.g. acquisitions including technical skillsets, activity around joint business relationships).
- In Cyberrisk: What Lessons Have We Learned?, Deloitte noted that cyberattacks at various enterprises have put cybersecurity and the steps companies can take to prevent and mitigate the damage front and centre, and discussed how organisations and boards can broaden their approaches to cybersecurity.
- Software security provider McAfee reported that cyber crime is a growth industry with high returns and low risks. The company estimates the likely annual cost to the global economy from cyber crime is more than $400bn, a figure higher than the national income of most countries. Yet governments and businesses tend to underestimate how much risk they face from cyber crime and how quickly this risk can develop.
- The latest wave of cyber attacks against US banks highlights the persistent threat facing the global financial sector, as the number of so-called financial Trojans targeting banks more than tripled last year, noted the FT. Cyber security experts have warned of a constant threat to the financial sector from organised cyber criminals after the US Federal Bureau of Investigation and the US Secret Service announced an inquiry investigating recent cyber attacks against several financial companies including JPMorgan, the largest US bank by assets.
August 2014
- A global watchdog sounded the alarm about the growing danger of cyber attacks on financial markets, warning that companies and regulators around the world need to address the “uneven” response to the threat of online assaults. The chairman of the board of the International Organisation of Securities Commissions (Iosco) predicted that the next big financial shock – or “black swan event” – will come from cyber space, following a succession of attacks on financial players.
- According to the FT, the cybersecurity market is now worth an estimated $15bn. It looks set to experience a considerable growth spurt as the rising number of high-profile cyber attacks pushes executives to boost security budgets. Earnings for cybersecurity companies are projected to grow 17 per cent for the next two years. A healthy pipeline of initial public offerings and mergers and acquisitions should also contribute to the growth of the sector.
- Deloitte warned that cyber crime is no longer the exclusive domain of computer prodigies. "Crimeware-as-a-service", a term used to describe the many ready-made services available to execute a variety of cyber attacks, has made perpetrating cyber crime easier—and cheaper—than ever. It advises CIOs to assess the threat landscape, understand their adversaries and know their networks.
July 2014
- Cybercrime has emerged as a major threat to businesses across India, with an overwhelming 89% of executives surveyed believing such attacks could not only hamper financial dealings but also damage brand value and market reputation, claimed a new KPMG report. Over the past few years, the global cybercrime landscape has changed dramatically, with criminals deploying more sophisticated technology and having greater knowledge of cyber security. India has also been a target of such cyber-attacks. According to the 'Cybercrime Survey 2014', which covered more than 170 participants from across India, most respondents said cybercrime has emerged as a major threat.
- In Cybersecurity and IP theft in China, EY warned that China’s rapid transformation from an agrarian society into an industrialised, high-tech economy created a fertile environment for hackers seeking to steal IP and other types of sensitive corporate data. Many corporations were so focused on growth that they failed to develop adequate controls and safeguards to protect corporate assets and IP against cyber attacks. More companies are putting those controls in place, however, as China’s economy matures.
- Deloitte argued that, in a world increasingly driven by digital technologies and information, cyber-threat management is more than just a strategic imperative: it’s a fundamental part of doing business. Yet for many C-suite executives and board members, the concept of cybersecurity remains vague and complex. Although it might be on your strategic agenda, what does it really mean? And what can your organisation do to shore up its defences and protect itself from cyber-threats? A common myth is that cyber-attacks only happen to certain types of organisations, such as high-profile technology businesses. However, the cold, hard truth is that every organisation has valuable data to lose. In fact, the attacks that happen most frequently are completely indiscriminate – using scripted, automated tools that identify and exploit whatever weaknesses they happen to find.
- In its Defending the digital frontier special report, The Economist warned that companies, markets and countries are increasingly under attack from cyber-criminals, hacktivists and spies, and that they need to get much better at protecting themselves.
- A global survey of 214 senior dealmakers by law firm Freshfields Bruckhaus Deringer found a worrying level of complacency toward the assessment of cyber risks during M&A deals. The survey found 90% of respondents said cyber breaches would result in a reduction in deal value, but 78% say cybersecurity isn’t a risk that is currently analysed in-depth or dealt with in deal due diligence. On the bright side, awareness of the threat posed by cyberattacks is growing, with 82% saying the risk of cyberattacks will change deal processes over the next 18 months.
June 2014
- In 4 Ways CIOs Can Help Fight Financial Crime, Deloitte argued that financial crime may not preoccupy CIOs, but those who pay closer attention may uncover significant financial savings for their companies. Financial crime can cost serious money. Large banks accused of failing to detect and prevent money laundering, for example, have paid anywhere from $160 million to nearly $2 billion in regulatory fines or forfeitures to settle those allegations, according to various media reports. One health care provider paid $1.7 billion in criminal fines, civil restitution, and other fees and penalties after being investigated for health care fraud and paying kickbacks to doctors. Then there are the costs associated with investigating suspected financial wrongdoing and bolstering compliance programs after the fact, both of which can easily enter the millions.
- EY's 13th Global Fraud Survey claims to provide new insights into perceived levels of fraud, bribery and corruption across the world and offers recommendations to companies to effectively manage long-standing and emerging risk. The survey shows that the risks businesses are facing are not receding. The incidence of fraud and reported levels of corruption are not declining. Six percent of respondents stated that misstating financial performance is justifiable in order to survive an economic downturn. This is an increase from 5% two years ago, and is driven by responses from emerging markets where, in some jurisdictions, a significantly higher proportion of respondents stated that they could justify such actions: in Singapore, 28% thought misstating performance is justifiable; in India, 24%; and in South Africa, 10%.
- Cyber crime costs the global economy about $445 billion every year, with the damage to business from the theft of intellectual property exceeding the $160 billion loss to individuals from hacking, according to research published by the Centre for Strategic and International Studies, which claimed that cyber crime was a growth industry that damaged trade, competitiveness and innovation. A conservative estimate would be $375 billion in losses, while the maximum could be as much as $575 billion, said the study, sponsored by security software company McAfee.
- According to the FT, for the Big Four, cyber security is a potentially lucrative revenue stream. Large firms can charge clients up to tens of millions of dollars for cyber security assignments. For example, EY further strengthened its IT and Cyber Risk practice in May with the appointment of John Milne, the former head of operational resilience at the Bank of England. A few months earlier, PwC poached the former managing director of cyber security at Barclays Bank to be a partner in its own cyber security practice, while KPMG says specialist expertise is needed to tackle four main areas of potential cyber threats. These are: hacktivists, organised crime, company insiders – either intentional or unintentional – and state-sponsored entities.
May 2014
- The hackers are winning, according to a survey of 500 US business executives, law enforcement services and government agencies. The 12th annual survey of cyber crime trends found that online attackers determined to break into computers, steal information and interfere with business are more technologically advanced than those trying to stop them. Three out of four respondents said they had detected a security breach in the past year, and the average number of security intrusions was 135 per organisation, the survey found.
- A new study predicted that the cyber security market will grow from $95.60bn in 2014 to $155.74bn by 2019. The major forces driving this market are the rapid adoption of cloud-based services, wireless communication along with strict government mandates and increasing cyber crimes in public utilities industries.
- Business2Community examined the growing cybersecurity demands in a globalised network. The world economy does indeed depend heavily on online transactions, and that is the biggest reason why we need top-notch cybersecurity measures in place on a global scale, it claimed.
- Booz Allen Hamilton's new CyberTab is an anonymous, free tool that helps information-security and other senior executives understand the damage to companies inflicted by cyber crime and attacks. It will calculate the costs of a specific cyber attack - based on estimates of incident-response and business expenses and of lost sales and customers - and claims to estimate return on prevention.
- IBM introduced comprehensive new security software and services to help organisations protect their critical data in an environment where advanced persistent threats, zero day attacks, breaches and the financial impact on an organisation continue to rise. Through pervasive behavioural analytics and deep research expertise, IBM claims it can help organisations stop attackers from exploiting these vulnerabilities.
- PwC's Information Security Breaches Survey 2014, for the UK Department for Business, Innovation and Skills (BIS), has found that the number of both small and large businesses to suffer breaches is down compared to 2013. But the costs they’ve caused are almost double. The majority of organisations have stepped up their IT security investments and while they are experiencing fewer breaches overall, the severity and impact of them has increased. The next steps for our Cyber Security team are to help clients to mitigate against this. The average cost of an organisation’s worst breach has risen significantly for the third consecutive year. For small organisations costs are between £65,000 and £115,000 on average and for large organisations between £600,000 and £1.15 million.
- Monadnock Research published its Cybersecurity Consulting Practice Leadership Quadrants, where the consulting and advisory practices of 59 leading firms have been analysed and the results presented. Cybersecurity services within the scope of this analysis included organisation-level and operational security strategy; fraud prevention, and risk mitigation and management; governance, standards and compliance; assessment, breach mitigation and cyber defence; identity authentication, malware detection, software woe development; and support of information assets across on-prem and cloud environments, hardware and software infrastructure, and business application portfolio.
April 2014
- A new FT report (which also cites PwC) found that, as many of the world’s largest companies are beginning to realise, the threat to their margins, their brands and even their continued existence from cyber attacks is no longer an abstract risk they can ignore. Indeed, safeguarding the interests of the business community has become a critical national security issue for some of the West’s biggest powers.
- The potential for a global cyber catastrophe was also examined in the FT. With Systemically Important Technology Enterprises (SITES) so deeply embedded in business productivity that they pose a serious risk to the overall economy, the article questioned whether greater diversity of data architectures should be explored to reduce that risk.
- The UK government launched its Computer Emergency Response Team (CERT-UK), with the aim of bolstering the UK's defences against cyber threats ranging from hackers to state-sponsored attacks. The body will deal with "cybersecurity incidents" of national significance. It will also provide advice and alerts on cyber-threats to government, industry and academia.
March 2014
- The increasing frequency, sophistication and business impact of cyber-attacks have pushed cybersecurity planning and protection from an operational concern of IT departments to a key theme on the strategic agenda of senior leaders. Some key findings of Bain’s recent “” report: The median per-organisation cost of cybercrime jumped 56% to $5.9 million in 2011 over 2010, the most recent data available; Web-based attacks during the same period increased to 4,500 per day, a 36% increase; Mobile malware quadrupled in 2013, with Android attacks increasing exponentially by 26 times; Distributed denial of service (DDoS) attacks increased 27%; and Financial motives now drive nearly 95% of cyber-attacks, targeting strategic assets that can be quickly monetised after a breach, according to Bain.
- PwC's own Global Economic Crime Survey 2014 looked at the causes and effects of fraud worldwide, the most common types of economic crime, and the impact fraud is having on business processes, reputation and integrity. Overall, this year's survey shows economic crime is persistent and that organisations need to be vigilant and proactive when fighting fraud. Visit the microsite for a detailed look at the findings, business leaders' views on economic crime, and an archive of past surveys.
- Google acquired start-up Spider.io as part of its initiative to stamp out fraud in online advertising. Spider.io has exposed several high profile scams within the past year and posted detailed accounts of the activities on its website. Among these was the identification of the infamous Chameleon bot, which is estimated to have generated more than 9m false advert impressions each month across more than 200 websites.
- Further related links in March 2014:
- Financial services sector attracts most cyber crime, says PwC study
- Can your brain get you convicted of a crime? Not yet.
- Cybercriminals Are Coming For Your "Medical Identity"
- Economic crime on the rise worldwide
- A New Radar Scanner Can Detect 3D-Printed Guns
- New Plane-Based Surveillance System Sees Practically Everything
- NYPD Test Driving Google Glass To Fight Crime on the Streets
- Reflections in the eye contain identifiable faces
February 2014
- PwC's own Global Economic Crime Survey 2014 looked at the causes and effects of fraud worldwide, the most common types of economic crime, and the impact fraud is having on business processes, reputation and integrity. Overall, this year's survey shows economic crime is persistent and that organisations need to be vigilant and proactive when fighting fraud. Visit the microsite for a detailed look at the findings, business leaders' views on economic crime, and an archive of past surveys.
- PwC's Forensic Services discussed the implications for clients of our latest report into how the fraud landscape has changed, in a webcast. If you’re interested in finding out what our respondents said in The changing face of fraud and what it means for organisations in the UK, you can watch the webcast here. The report, part of the Global Economic Crime Survey 2014, reflects the changes in economic crime over the last few years, the major trends we’ve identified from the 372 respondents in the UK, and comparisons against the opinions of over 5,000 global respondents. If you’d like to read the report and take a more in-depth look at the findings please go to www.pwc.co.uk/crimesurvey.
- The extent of corruption in Europe is "breathtaking" and it costs the EU economy at least 120bn euros annually, the European Commission said. EU Home Affairs Commissioner Cecilia Malmstroem presented a full report on the problem. She said the true cost of corruption was "probably much higher" than 120bn. Three-quarters of Europeans surveyed for the Commission study said that corruption was widespread, and more than half said the level had increased.
- Audit committee members are becoming increasingly concerned by cyber threats but the quality of information they receive has declined over the last year, according to a new survey by KPMG. Globally, 45% of respondents did not feel that their committee devoted enough agenda time to the issue. But this rose to nearly six in 10 (58%) in the UK.
January 2014
- In How good is your cyberincident-response plan?, McKinsey warned that many organisations must face a troubling fact: defending their digital perimeter is not enough. They should assume that successful cyberattacks will occur, and develop an effective plan to mitigate the impact.
- PwC US and Ridge-Schmidt Cyber LLC announced the signing of a new agreement to help leaders in business and government navigate the increasing demands of cybersecurity. The strategic relationship with Ridge-Schmidt Cyber enables us to leverage our collective experience and cyber capabilities, working together, around the world, to better understand, adapt and respond to enterprise risks and complex cyber challenges that are a reality in today’s business environment.
November 2013
- Nearly half of business executives lack sufficient resources and critical skills to implement enterprise fraud and misuse management in their organisations, despite the competitive advantage that a fraud risk management program can provide, according to a new Deloitte survey. Enterprise fraud and misuse management, or EFM, involves the use of analytical technology and services to address fraud at a company-wide level. Survey results from a poll of nearly 1,900 business executives by Deloitte indicate that nearly one-half of executive respondents (47%) are adopting or evaluating an enterprise view of fraud managemen
- An elite battalion of largely twentysomething experts are on the front line of corporate cyber defence, reported the FT. Somewhere deep within PwC’s More London office, a projection flickers on the whitewashed wall of a meeting room. Its uniform multicoloured dots form an image that would not look out of place on one of Damien Hirst’s production lines. But this is not art; it is science.
- Cybersecurity has moved from operations to a concern of the C-suite and the board, EY found. EY divided cyberattackers into three buckets: Nation states looking to steal intellectual property, organised crime, sometimes with backing by some other entity, and 'hacktivists' aiming to disrupt an organisation often on behalf of a cause.
- UK banks took part in a simulation to test their cyber security. Richard Horne, a PwC UK Cyber Security partner who recently joined us from Barclays, was interviewed by the BBC and quoted widely in the press. We featured in The FT, The Times and Reuters and in trade/regional press such as Computer Weekly, SC magazine and the Irish Examiner. Commenting on this exercise puts us, and our Cyber Security practice, in a great position with the media on what is a Tier 1 national security threat.
- What are the responsibilities of the modern state in providing cybersecurity for individuals, organisations and itself? How can cybersecurity priorities be matched to user needs in a given national context? Oxford Analytica hosted an expert panel and reception to answer these questions and launch the report Hierarchy of Cybersecurity Needs: Developing national priorities in a connected world in partnership with Microsoft.
October 2013
- For the seventh year running, the EIU, commissioned by Kroll, surveyed senior executives from around the world across a wide variety of sectors and functions. This year’s 901 respondents report that fraud remains a widespread problem regardless of the industry or region in which their businesses operate. It is also as protean, and hence unpredictable, as ever. The results of our 2013 report reveal a number of key insights: 1. The incidence and costs of fraud rose markedly in the past year, in turn driving up companies’ sense of vulnerability. 2. Information-related fraud is common and evolving, but many companies are not prepared if things go wrong. 3. Fraud remains an inside job, but so does its discovery. 4. Global business practices often increase fraud exposure. 5. Those with local knowledge see fraud risks everywhere.
- Cyber security is just one of the areas that the world has yet to take sufficiently seriously, argued Pascal Lamy. It is one of the themes that the Oxford Martin Commission for Future Generations considers to need particular attention, together with climate change, economic inequality and chronic disease, and that it addresses in its new report, Now for the Long Term.
- In Risk Angles: Five questions on the evolution of cyber security, Deloitte argued that, while cyber security used to be considered an issue primarily for the IT team, these days it is an agenda item for the entire C-Suite. What’s changed? It’s not just the frequency of media reports on cyber security breaches; if anything, these are merely symptomatic of a larger shift underway. Cyber crime is fuelled by increasingly sophisticated technologies along with relatively new trends in mobility usage, social media and rapidly expanding connectivity, all in the hands of more organised online criminal networks.
- In How good is your cyberincident-response plan?, McKinsey warned that many organisations must face a troubling fact: defending their digital perimeter is not enough. They should assume that successful cyberattacks will occur, and develop an effective plan to mitigate the impact.
September 2013
- PwC joined the World Economic Forum's Partnering for Cyber Resilience, an initiative to promote a coordinated approach to managing the risks and opportunities. “In the hyper connected digital age, cyber risk and resilience is a fundamental issue facing the global economy. We are committed to supporting these global principles which will contribute to global economic stability and prosperity by helping businesses better manage the risk of ever increasing threats to their data,” said PwC global chairman Dennis Nally.
- Security incidents detected at companies globally rose 25% in the past 12 months, but many are defending future threats with yesterday's strategies, says PwC's Global State of Information Security Survey 2014. Despite a rise in security spending, firms have been outpaced by their adversaries, the report found. Said PwC Advisory Principal Mark Lobel, "It is essential that executives actively re-evaluate and update their security strategies and practices on a continual basis to keep pace with today's threat actors."
- Demand for advice on issues such as cyber security has led to professional services firm EY's latest recruitment drive. In the UK, EY is looking to hire 2,400 experienced people in the next 12 months to meet growing demand from its clients for advisory services. It will also hire 700 graduates, 500 undergraduates and 150 school leavers.
- Global operations of companies often involve complex layers of business partnerships in countries around the world. Companies that strive for sustainability already know very well that most of their operations’ impact happens in these supply and distribution chains, often in countries far removed from the corporate headquarters. That is true when it comes to environmental and labour standards but it is equally true in the area of fighting corruption. In today’s world, value chains – i.e. networks of suppliers, distributors, and other business partners – often stretch across countries with varied legal structures, enforcement mechanisms, and business cultures.
July 2013
- Thousands of companies worldwide plan to update systems and policies that act as their first line of defence against fraud and other hidden risks. The action will follow a sweeping overhaul of the most widely used guidelines for those safeguards. The new guidelines, which many companies expect to adopt by the end of next year, are for internal controls which the US government has required at public companies for the past decade.
- Malicious cyberattacks increasingly are aimed at core infrastructure of the securities markets and could present risks to the entire financial system, according to an International Organisation of Securities Commissions report. It warns that cybercrime has become significantly more sophisticated and more challenging to defend. Hackers now focus on destabilising attacks, particularly at financial exchanges, with the aim of damaging public websites and online services.
- Around half of the world's securities exchanges were the target of cyber-attacks last year, according to a paper based on a survey of 46 exchanges. The prevalence of attacks along with the interconnected nature of the markets creates the potential for widespread impact, said the joint staff working paper by the International Organisation of Securities Commissions' research department and the World Federation of Exchanges Office.
- Transparency International published its 2013 Corruption Barometer, which reports the findings of a survey of 114,000 people in 107 countries on their interactions with corruption, the institutions and sectors they see as most corrupt, and their perceptions on whether they have a role in combating corruption. The report captures a number of trends, including the view that corruption is worsening across many sectors; it also calls for governments to strengthen their accountability platforms and enhance standards for procurement and public financial management. This year’s survey found that 27% of people report having paid a bribe in the past year, nearly the same percentage as in the 2010/2011 report (26%). This indicates that more than a quarter of people surveyed have been touched by bribery.
- In a special report, the FT warned that cyber security is a dominant feature of the global political agenda, with the focus having changed from weapons of mass destruction to a “credible threat of cyber attack capability”. Industrial-scale theft of intellectual property has undermined competition and strained relations between China and the west. Meanwhile, security experts have made the humbling admission that the sophistication and evolution of the attacks are outpacing the defence.