Cyber Crime – The Scale of The Problem

This is the first in a series of cyber-crime and cyber security blogs by Gary Peace, CEO and founder of ESID Consulting.

Cyber-crime and cyber security are intrinsically linked. The term “cyber” is now used daily by anybody with something to say about the risks and threats of doing anything online.

However, the term is just adding a gloss to an already existing problem faced by businesses and consumers. That problem is simply one of ‘crime’. It’s nothing but old-fashioned theft, criminal damage, and fraud. It’s just that it’s being committed with the aid of, or over, computer networks.

So, what is the scale of the problem?

The scale of the problem should not be taken lightly. It’s big and getting bigger. According to insurer Hiscox, it’s up in 2019 by 40% in the UK and the costs of it are increasing.

“One of the most striking figures to emerge is the mean cost of the largest single incident. A year ago, this came out at $34,000. This year, there has been a near six-fold increase – to a fraction under $200,000. For companies in every size bracket the cost of the biggest incident is now likely to be anything from 3 to 18 times what it was only a year ago.” Hiscox Cyber Readiness Report 2019

Why is it getting worse?

Since we’ve all moved online, the checks and balances that existed in a manual, physical and hierarchical environment of 25 years ago now no longer exist.

Back then, if we wanted a file from HR or finance, we had to get up from our desks, go and find the ‘gatekeeper’ to that information and then persuade them (or not) that our request was a valid one and that we were authorised to have access to it. And only from that point onwards were we given access to it.

Today, the physical, personal and knowledge-based safeguards (the gatekeeper) are gone. All we do now is click into a folder from our desktop or mobile device and we get access to the information previously locked away. If things have been set up correctly and the governance systems are in place, then there won’t be any issues. However, our own employees are telling us that this is not the case!

Organisations do not understand the value of information, and employee surveys have repeatedly shown that neither do their employees:

  • Over half of employees don’t understand the consequence of company information loss.
  • Half of employees have access to information that they themselves don’t think they should have.
  • Lack of understanding is also apparent in the boardroom, where the value of data is poorly understood.
  • Senior managers do not see the threat.

Security Culture

As the survey results demonstrate, there is a lack of security culture within organisations, with security all too often seen as an inconvenience as opposed to a benefit. There is also too much focus on technology and over-reliance on an already overstretched IT department.

What’s more worrying is that, when surveyed, UK employees stated the following:

  • 35% would sell your intellectual property for the right price.
  • 18% would sell information for £1,000.
  • 29% would sell your company information for £10,000.

The Solution

The solution can be found in more joined-up thinking between HR, Security and IT, to improve what can be very fragmented reporting processes.

Without clear lines of communication, risks, threats and security issues will not be recognised and incidents will not be dealt with holistically.

Above all else, employee awareness and education are imperative in the battle against organised crime.

The author, Gary Peace, is the CEO & Founder of ESID Consulting, specialising in Insider Threat, Cyber / Information Security. For 18 years Gary worked as a Police Officer within New Scotland Yard and the Metropolitan Police. He is a former Head of Digital Forensics at the Competition & Markets Authority. Gary currently serves as a County Councillor and is also Vice Chair of Governors at The Island Free School on the Isle of Wight.

Email: garypeace@esid.co.uk Tel 07973 333 106 Website www.esid.co.uk

Is it time for Health and Social Care to be taking Cyber-Security more seriously?

by Gary Peace – CEO & Founder of ESID Consulting

The National Cyber Security Strategy’s vision is that “the UK is secure and resilient to cyber threats, prosperous and confident in the digital world”.

The recently published progress report by the NAO has profound implications, and the impact on the Health and Care sectors could be significant.

Cyber Security is a major challenge for government. The risk of cyber-attack is increasing and the UK, with one of the world’s most internet-enabled economies, is more vulnerable than most to the threat from hostile countries, criminal gangs and individuals, with over 4 in 10 businesses experiencing a cyber security breach or attack in the last 12 months.
