Cyber Crime can ruin your business and a potential bankruptcy can ruin your access to financial inclusion! Here is what BIIA contributing editor Alfred Rolington has to say about protecting SME businesses:
Synopsis
We are at the beginning of an electronic revolution that like earlier industrial revolutions will substantially alter and change our society, the way we live, our engagement with others and this one will alter us as individuals.
This revolution is a significant development and integration of digital, physical and biological systems which will change our individual, national and global electronics, which has been called a Cyber Innovation or Web 0.3, but is probably best described as the 4th Industrial Revolution.
This transformation will completely alter the way we live and experience life and it will happen far faster than previous industrial revolutions.
This new electronic revolution is developing by employing emerging computing technologies such as cognitive electronics and using advanced analysis, nanotechnology, biotechnology, and quantum computing to develop everything from new methods of commercial production, to specific recognition and robotic bio-technology.
This process will alter everything from enhance human brain thinking to automated avionics and robotics and this process will change all types of jobs within education, business, policing, the military and government.
By connecting even more billions of people using mobile devices, electronic connections, storage capability, information accessibility and processing power this revolution will substantially increase the size of the interconnected the world.
This interconnected world of cyber offers enormous opportunities to gain understanding, insightful data, commercial expansion and government interconnection. All of which can seriously improve an individual’s knowledge, jobs and potential. Perhaps more importantly this revolution is already positively and negatively altering our geo-politics and macro-economic development.
The benefits that arise from these relatively recent electronic developments, such as cloud and cognitive computing, are beginning to become enormously influential. However, cyberspace also includes hacker criminal threats, and the growing arena of cyber-warfare.
The potential for engaging with and countering cyber-crime comes in many new unique ways, one of which is Automated Content Recognition technologies. These can extract visual data from thousands of information streams. It can do this simultaneously and use new algorithms that can search these cloud-based indexes in seconds. This produces a specific relevant answer within seconds something that would have taken hours and probably days using a human analysts production process.
Some of the latest AI techniques allow users to identify specific moments or in-video elements with extreme accuracy. Whether it is facial recognition for national security purposes or tracking products to monitor ad spends, this technology has for instance the power to revolutionise how a range of industries use video to effect business and sometimes to monitor potential cyber-crime.
Everyone from governments, commercial organisations and you as individuals all need new understanding, strategies and specific tactics using Cyber’s outlook and potential. This requires a change in perspective, continued research and changes to working methods employing the relevant technology that projects into the new interconnected global future. It is very important that individuals, commerce, police forces, the military and all other aspects of government create and continually review an electronic cyber strategy ensuring that this is used in their tactics on the ground. The results will be far more effective, precise and relevant than can be achieved using traditional methodologies.
Each strategy should incorporate the different areas of electronic relevance to government, commerce and individuals that offer real opportunities for globally connected future progress, while ensuring that capable security is implemented and continually up-dated.
This 4th Revolution employs deep data analysis with interconnections and links to Bio-technology, Artificial Intelligence, robotics and the Internet of Things which will significantly alter us as humans and the places we work and live.
When used well these processes ensure our security, as well as significantly improving the broader issues of global and national macro-economics, intelligence, law enforcement and geo-politics.
When misused by criminals and cyber warfare activists this transformation has the potential for catastrophic outcomes – this book aims to reduce these potentials by informing and engaging with every reader to ensure that our positive potential and security is focused to build a very secure and opportunistic potential for the 4th Industrial Revolution.
Current Situation
This new expanding area known as CyberSpace can be visualised as a vital electronic layer, similar to a nervous system running through many national and international sectors and systems. The electronic arena offers us ways to understand and communicate with different communities, commercial activities and to have global conversations allowing us opportunities to change activities and to alter what we, as individuals understand, and the organisations we work for and with, will become in the future.
Cyberspace has already transformed many areas of an organisation’s operational and commercial engagement. It is evolving from a technical and often complex ecosystem, into a range of global and tactical actions, and has now broadened into a strategic systems planning requirement.
From an individual’s view point these systems, if used well, offer an enormous amount of connectivity, data sharing and analysis that can really expand their views on the governance, intellectual progress and potential for work specialisation and productivity going forward.
These cyber systems and their engagement require far more management and employee understanding and this involvement cannot be left just to technologists. Individuals, politicians and business employees and management must engage and understand the strategic plans, commercial opportunities and security implications.
The very nature of the Internet creates global collaboration that is changing the way in which we view social connections and national borders. Now the modern globalised society is increasingly dependent on an array of organised and sometimes randomly interrelated electronic infrastructures.
Many organisations see Cyber as a growing intellectually connected strategic and tactical policy network that has current and evolving opinion, news analysis and opportunities, but with significant security issues that can be used to steal and monitor an individual’s and an organisational data.
Networks leave “exhaust” data, which relates to the activities and transactions of network traders and collaborators, which in turn tells us forensically much about what happened with the data’s use. We are unable to trap and reutilise this in the physical world. But in the cyber world we can. This is the powerful data that makes networks more efficient, individuals, customers better served, companies more knowledgeable. It is also a huge source of insecurity, and we have tended to trade off these disadvantages against the upside but we should do so no more.
The process now requires thoughtful planning, tactical implementations and far more electronic security and thoughtful analysis and potential opportunity understanding than it did even a few years ago.
The changes that this technology brought to individual analysis processes has been incredibly significant, however the revolution will really occur once the digital cyber inter-connectivity is fully employed.
All of these issues need to be understood and engaged with at an individual through to a senior management level and this certainly includes those who are not necessarily completely engaged with IT issues as aspects of this change will affect all individuals, their social engagement as well as their working and national life no matter what type of work, research or social life they are part of.
From a strategic and tactical point of view you should imagine that all or even some of your company’s confidential information becoming released into public knowledge. How would your customers, clients and employees, react?
This type of overwhelming information release would compromise the reliability of your entire business and all current and future opportunities. As organisations of all sizes increase their dependency on information technology, potential technology breaches increase.
Most large commercial organisations have actively included cyber risk management into their business strategy and within these businesses there is a wider understanding and awareness of the need for an inclusive and holistic cyber security threats analysis.
Cyber systems damage, failure from hacking or malware attacks can take down an organisation’s operations and ruin its relationships with clients and customers and have sever public relations and media coverage.
However, unlike large organisations, small and medium-sized enterprises (SMEs) generally do not regard cyber risk as a strategic component in their business model despite the fact that cyber risk for SMEs is a real and growing phenomenon.
These attacks affect the confidence of suppliers and employees in the current and future business operations. Large organisations have, in most cases, now included cyber security into their management planning. However, unlike the larger examples most SME’s – Small and Medium Sized Enterprises have not clearly understood or analyised their own cyber risks.
Unfortunately, cyber, as a risk is not reducing, in fact it is a growing invasion of all areas of commerce, non-profit, charity and government sectors.
SME’s make-up over 99% of the UK economy and are unsually defined as each having less than 500 employees – many with much less. SME’s have not adequately understood the risks, security issues and implications, or in fact the commercial opportunities that cyber analysis and discussion makes available for current business activity and future strategies.
We suggest that CyberSecurity teams are created that includes the CIO/IT Director must regularly report about Cyber directly to the main board of organisations, for them to fully understand and engage with the expanding Cyber security implications, threats and opportunities.
From an operations perspective we propose that independent teams should be used to review and randomly check security processes, procedures and data and market opportunities on an irregular and regular basis.
The security teams would be similar in concept to the Annual Financial Audits that are now legally required by most organisations. The Cyber Security Audits team would be independent of the IT department and its day-to-day operations. It should act as an independent Audit Team on an irregular basis throughout the year and frequently report back to senior management on changes to security and current and future Cyber plans and the team should produce current Cyber Security Audit Reports.
In the world of SME most have not clearly understood the risks, security implications and are often unaware of current cyer attacks on their own business information or attacks on their commercial sector.
They do not train staff to recognise phishing emails and their management tends to think that the whole issue is an IT problem or a Cloud provider issue.
Also the senior management often think that they have reduced the problem by using cyber insurance however effective cyber insurance for most SME’s does not currently exist and less than four percent of SME’s have effective cyber insurance cover whereas over half larger corporates have very effective insurance cover.
Conclusions
Cyber must be put on the agenda of Board Meetings of SME’s and should be discussed and training and analysis implemented across the organisation as an on-going activity.
GDPR will begin to focus some attention but the Board must be made aware of the risks that this legislation highlights for their organisation.
Most businesses require a Chief Information Security Officer (CISO) either on the Board or directly reporting to it.
In the near future GDPR has a darker side for most organisations which is called Subject Access Requests (SAR’s) where the general public can ask an organisation what recorded information it has about the individual. If enough of these requests come together this could flood and take down an organisation’s ability to adequately respond and they will break the GDPR law.
Finally, if your organisation is still using unencrypted USB devices to store EU people’s data then article 32 and 34 of GDPR make it clear that data has to be encrypted to ensure compliance and to avoid expensive fines.
Courtesy of Alfred Rolington – Cyber Security Intelligence and GDPR Advisory Board
