Cyber crime is on the rise, and each year, attacks escalate in terms of severity, frequency and impact. Preventative tools and measures are proving ineffective weapons in the war against cyber crime, and many businesses have neither the knowledge nor the resources to fight skilled and sophisticated adversaries.
Alongside the increase in attacks, technological changes continue to disrupt how businesses compete and create value in ways that change their operating models. Trends such as big data and data analytics, digitisation and the blurring of boundaries between service offerings across industries, are also creating more and more risk.
These and other issues illustrate why cyber security risks have become critical for leaders across the private and public sector, says Junaid Amra, associate director of PwC Cyber Security and Incident Response.
During the ITWeb Security Summit 2016, to be held at Vodacom World from 16 to 20 May, Amra will deliver an overview into the global state of cyber crime, using stats from the PwC Global State of Info Security Survey 2016 as well as the Global Economic Crime Survey 2016.
Amra says the surveys will give insight into people's perceptions on aspects of cyber crime as well as some hard data surrounding the issues. "We will also bring in practical experience from assisting clients with implementing IT governance, security and conducting digital forensic investigations."
Speaking of key themes from the Global Economic Crime Survey in terms of Cybercrime, he says the report revealed that cyber crime is not based on geographic location, and it permeates across all industries - no industry is safe. "Moreover, it is no longer limited to financial risk alone, and executive / board awareness and action in this space is still lacking."
In terms of SA specific statistics, Amra says 32% of SA organisations say that they have been victims of cyber crime. "Fifty-seven percent of those surveyed believe that they will be victims within the next two years, and only 34% of first responder teams said they have adequate training."
During his presentation, Amra will not only discuss the stats but will also provide some practical examples of how these factors influence things on the ground. For example, he says we are seeing first responder teams still heavily weighted towards IT staff and IT security professionals - digital forensic investigators are lacking and are included in only 28% of teams.
"How this plays out is that attackers are remaining longer on networks because our teams are primarily focused on bringing systems online and not giving sufficient attention to rooting out attackers."
In the Security Survey PwC found that most organisations (91%) had aligned to good practice frameworks but in spite of this we still see large scale breaches. "The take away here is that we require common sense in implementing this and are at this point putting a lot in place for compliance purposes."
Amra will offer real-world examples where basic security 101 type of controls are not properly implemented at organisations and thereby causing breaches. In addition, based on investigations he has been involved in, he will touch on the interrelationship between IT Governance and organisations who have been breached.
Share