This page contains a Flash digital edition of a book.
C


Inf rm


yber security presents a major challenge for businesses of all


shapes and sizes. Leaders ignore it at their peril.


As the Commissioner of the City of London Police and Chief Executive of an 1100-strong workforce, I am wrestling on a daily basis with a host of conflicting priorities, threats and opportunities. Society and business are moving at such a fast pace that success or failure is inevitably dependent on the ability of organisations and those that run them to adapt and change, more than their ability to conform to established norms.


However, the need to balance risk against threat and opportunity remains a constant. At board level we look for reassurance through a combination of professional advice and established information, whether that is rules and regulations, best practice or the competition.


Cyber security creates a conundrum, as there are so little of the established norms to draw upon. We therefore naturally lean back on what we know in terms of processes and structures. Yet there is a risk in simply allocating the task and responsibility and allowing ourselves to become reassured that all that needs to be done is being done.


This is one of those areas where the corporate hairs on the back of your neck should stand up causing you to ask a lot more questions.


Cyber to most of us means the Internet. Growth opportunities are about maximising the use of IT and the Internet to create more profitable business; therefore risk mitigation in terms of cyber security must be about shoring up our IT infrastructure, or so we assume. Of course protecting against malware intrusion is clearly a key component, but the risk is far greater and needs a more holistic approach centred on the culture of an organisation and its approach to information security.


Clearly the threat is very real, as highlighted by the recent 2013 PricewaterhouseCoopers (PwC) survey of Information Security conducted on


2 © CI TY S ECURI TY MAGAZ INE – SUMME R 2014


The new commodity of choice for the virtual thief


by Adrian Leppard, QPM Commissioner – City of London Police


behalf of the UK Government’s Department of Business, Innovation and Skills. This identified that:


87% of SMEs and 93% of large corporates had experienced an information security breach in the last year, with losses of each incident averaging between £50k for SMEs and £500k for large corporates.


Scary figures, which unfortunately correlate with the assessment that cyber crime is costing the UK some £27 billion annually and the McAfee sponsored study for the Centre of Strategic Analysis earlier this year, which put global losses between $300 billion and $1 trillion.


The scale and nature of the threat we face is diverse and growing, and unfortunately, as criminals learn their new trade, becoming ever more sophisticated. The cyber threat over the last 12 months is already more refined than two to three years ago. I’m afraid that is the nature of criminality and with society and businesses increasingly going ‘online’, the threat we face increases also.


City of London Police hosts the UK's National Fraud Intelligence Bureau, gathering reports of crime and intelligence. More than 70% of reports concerning fraud that we now receive indicate that the crime has been enabled through use of the Internet.


In addition to disseminating reports and helping shape the UK threat assessment, City of London Police, with the help of our industry partners, is using this information proactively to protect our community. Each month we close down more than two thousand websites, bank accounts and


telephone accounts used by fraudsters. This is saving UK businesses more than £200m a year.


We also host our own investigations teams working with other agency partners, investigating fraud ranging from corruption and insider trading, and we actively support the new Economic Crime Command of the UK National Crime Agency. Dealing with the cyber threat is a clear priority of the UK Government supported in the form of policy and new investment. Through our work with the National Crime Agency and other partners at home and abroad, we are increasingly gaining a better understanding of the threat and successfully targeting the people responsible both in the UK and overseas. But it’s not enough.


What we see is a growing problem comprising more sophisticated international organised crime groups targeting individuals and businesses in the UK.


So, what can businesses do to protect themselves?


For that we need to better understand what is happening with these security breaches and cyber attacks. Whilst some of this might fall within the many different collective expressions of cyber, the reality is that a proportion of these criminal losses are simply old-fashioned fraud using emails and online forms in place of documentary processes. What is more interesting is to understand how the wider use of the Internet in society and the manner in which data is stored electronically is enabling the fraudulent access to personal information and how this is then being accessed, stolen and used by criminal groups.


Page 1  |  Page 2  |  Page 3  |  Page 4  |  Page 5  |  Page 6  |  Page 7  |  Page 8  |  Page 9  |  Page 10  |  Page 11  |  Page 12  |  Page 13  |  Page 14  |  Page 15  |  Page 16  |  Page 17  |  Page 18  |  Page 19  |  Page 20  |  Page 21  |  Page 22  |  Page 23  |  Page 24  |  Page 25  |  Page 26  |  Page 27  |  Page 28  |  Page 29  |  Page 30  |  Page 31  |  Page 32  |  Page 33  |  Page 34  |  Page 35  |  Page 36  |  Page 37  |  Page 38  |  Page 39  |  Page 40