 "Greatest Cyber Risk Driven By Remote Network Access: Deloitte Poll")
More than 40 percent of executives polled by Deloitte believe remote Internet access to corporate systems, embedded malware in computers, applications and devices, and little visibility into the security protocols of suppliers and business units are the greatest cyber risks today. The executives were polled recently during the Deloitte webcast, ‘Combating Cyber-Threats from the Underground Economy: A View from the Front Lines’.
“Cyber attacks today are not only about identity theft, but about stealing information behind companies’ firewalls,” said Mark White, Principal, Deloitte Consulting LLP and the webcast moderator. “An entire underground economy has been built for the purpose of stealing, packaging, and reselling electronic information. Never before in history has the threat landscape been as deeply penetrated or more rapidly evolving. Never before have nations, corporations or individuals been more electronically exploited.”
Richard Baich, a Principal in Deloitte & Touche LLP’s Security & Privacy practice and a webcast presenter, noted that security programs need to be strengthened as it has become increasingly evident that criminals with advanced cyber skills continuously invent new and insidious ways to perpetrate criminal acts. “The cyber crime landscape has evolved into a set of highly-specialised criminal products and services that are able to target specific organisations, regions, and customer profiles by using a sophisticated set of malware exploits and anonymisation systems, which routinely evade present-day security controls,” said Baich.
Baich also stated that cyber criminals are now able to target specific individuals within an organisation, such as a payroll clerk, and misuse that role to steal information for direct monetary gain. Nation-states are also able to recruit and leverage cyber criminal resources to target organisations or other nations for the purposes of espionage, monetary gain, or to gain military advantage.
“This leaves executives asking what they can do to quickly identify and contain malware and then protect their data. This is after they already spent a good deal of money on traditional protection programs,” said Baich. “Companies should consider establishing cyber threat intelligence programs as well as leveraging existing technology and architecture investments to help detect and prevent these problems.”
“Data is more valuable than money. Once money is spent it is gone. Data can be re-used and can give you the ability to access online banking applications, use credit cards and penetrate firewalls over and over. A famous bank robber from the 1900s was asked why he robbed banks. He said ‘because that is where the money is.’ Cyber criminals today go to where the data is, because it allows them to access money. Executives need to develop cyber programs to stay ahead of criminals and stop old cat and mouse games,” added Baich.
Other polling results included:
• Only 2.8 percent of the participants indicated they did not need a type of cyber threat intelligence or detection program.
• 62.2 percent of respondents did not know how their organisation understands what data is leaving the company’s network, though 14.1 percent did confirm that their organisations were using a data loss prevention solution.
• 41.4 percent reported that they did not know how their organisations found compromised devices inside of their network.
• More than a quarter (27.4 percent) indicated their organisations rely on some type of antivirus and intrusion detection system.
Peter Makohon, Senior Manager, Deloitte & Touche LLP and a webcast presenter, told participants that “cyber crime may already be in their neighbourhoods” and cited the following issues facing executives:
• Current signature-based information security controls are not effective against sophisticated cyber threats and exploits, which are evolving at a phenomenal rate.
• Companies lack the automated systems and skilled analysts to rapidly analyse, identify, contain, analyse, and remediate compromised devices.
• Information provided by various cyber intelligence sources is often outdated and high level; therefore, companies cannot take effective counter-actions based on that information alone.
• Organisations lack expertise, resources, technology, and process capabilities for taking timely action on these near real-time cyber threats.
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
 "Israel targets top Hamas leaders in Doha; Qatar, Iran condemn strike as violation of sovereignty")
 "Nepal: Oli to continue until new PM is sworn in, nation on edge as all branches of govt torched")
 "Who is CP Radhakrishnan, India's next vice-president?")
 "Israel informed US ahead of strikes on Hamas leaders in Doha, says White House")
