Tuesday, 13 December 2011
PWC Report on Cybercrime. Personal Reflections
PWC has recently launched its research, Cybercrime: protecting against the growing threat.
This is a wide-ranging study into the causes of, reactions to and responses to cybercrimes. Having overcome the normal issue of finding an appropriate definition of cybercrime, it outlines a number of interesting points that will be of concern, and more importantly value, to business and public sector alike.
Some initial surprises include that respondents fear the reputational damage as much as the financial damage, probably reflecting how sensitive everyone is to adverse comment or being seen to fail.
The paucity of a review function within an organisation, and of appropriate methods of control, is surprising. Clearly outlining the need for the CEO to get a grip, the report focuses on a range of ideas to keep any organisation in a state of better safety (complete safety is probably not possible in today’s globally connected digital world).
Of immediate concern was the number of executives who could not state whether their organisation had suffered a loss or an attack.
Some simple comments such as “advancements in technology make it easier to commit cybercrimes” litter the document.
Creating a balance between the Risks, Harm and Threat is clearly much easier if there is an adequate supply of quality
The report suggests that planning for known threats, including having, for example, an agreed approach to investigation and media, would be of serious value.
What was surprising was the impact of attacks on staff morale, which, at 28%, was a high score as collateral damage. This is not something that seems to be covered elsewhere to a large extent.
In terms of who causes these attacks or crimes, the preponderance of ex or current customers, vendors and agents is clear. Look inwards before you look outwards is probably the message.
The report shows an interesting change in the detection methods used, from audit to intelligence-led proactivity. In other words, don’t rely just on simple audit processes to reveal attacks or concerns; link them to existing active investigation.
In summary, a very useful addition to the Cybercrime agenda.
I would personally add the value of greater Social Media monitoring and seeking feedback. Perhaps having a clear compass for what is acceptable and what is not (see my comments on the Police Code of Conduct).
I would also support the creation of a Company/Organisation/Force-wide Cyber Security Board headed by a senior executive to cover all aspects of digital connectivity. This works well in Cumbria.
Remember as well that the risk is not just digital. Written documents can equally be subject to “offensive activity” or loss. Social engineering should also be a major issue for future plans.
Finally, in the light of other documents hitting the headlines, I have not been paid, invited or rewarded for this piece by anyone, including the authors. I do, however, value their contribution to cyber-safety.