Cyber security

Our Head of Information Technology, Sanjay Sood, explores how identity management is playing a crucial role in protecting firm and client data.

It is not hyperbole to say that the Covid-19 quarantine era is one of the most stressful and uncertain times in recent history.

To take advantage of emerging trends in both technology and cyberspace, businesses need to manage risks in ways beyond those traditionally handled by the information security function, since innovative attacks will most certainly impact both business reputation and shareholder value.

Ransomware creates a nightmare scenario for every business it targets. It results in lost access to critical systems and data, prolonged downtime, lost productivity, and lost profits.

What we continue to see is that no one is immune. There is no real pattern to the types of organisations being attacked, however clearly the larger high-profile brands are the ones that receive the most publicity.

The world is moving on quickly. Smart devices and social media are intertwined, leaving users, homes, healthcare, financial, manufacturing and other industries vulnerable, hackable and easy targets to be taken down and/or held for ransom.

Increased cybercrime on middle market businesses as a result of digital transformation

In today’s fast-changing digitally led economy, most businesses are currently going through some form of digital transformation either to improve their offering or to streamline their operations, with many already seeing the benefits of financial investments made. The Catch-22 is that with this increased use of technology and collection of personal data, the need for protection increases. But not all businesses are actively protecting themselves against cybercrime.

Business leaders feel a lack of confidence in their ability to protect their businesses and a sense of inevitability and resignation to an attack, with many believing hackers will always outwit preventative software.

There is a gap in senior management’s engagement and prioritisation of cybersecurity that needs to be addressed, with lack of discussion around the risks at board level and ambiguity over who is responsible for cybersecurity in the organisation.

The GDPR is identified as the key driver to businesses taking the first steps in cybersecurity and the legislation is justifiably seen as a champion in this space, but there have been some unintended consequences.

Correctly, most businesses see human error as the core area of vulnerability with targeted attacks on staff via phishing, whaling and ransomware attacks being the most sensitive touchpoint, so what can be done to educate employees?

Having a culture which encourages staff to report data breaches is key to ensuring that the real scale of the threat can be determined, and so that root cause analysis can be undertaken to help prevent future attacks.

An industry shift around cyber risks, threats and breaches is needed and transparency is at its heart. Here are RSM’s top tips to help make cybersecurity a priority.

Almost half (46%) of successful attacks target under-trained employees 75% of attacks never become public knowledge despite GDPR breach notification requirements 62% believe hackers are more sophisticated than security software developers

Here are some simple things that businesses can do to mitigate the risk of a cyber attack: Breach readiness preparation It is important to get your incident response capabilities prepared for the ‘when’, not ‘if’. Governance Ensure that the cybersecurity strategy and organisation is in place

Personal data is valuable on the ‘black market’ but is also sold legitimately. Obtaining data such as contact details and personal details helps companies market their products to the right people.

How damaging is the KRACK Wi-Fi attack and can it simply be patched with software updates? RSM’s Cyber expert, Michael Shatter (National Director, Security and Privacy Risk Services) catches up with Daimon Geopfert, National Leader of Security and Privacy (RSM US) to discuss the issue further. 

Mind the KRACK - How the KRACK Wi-Fi exploit highlights the core vulnerabilities of the internet. KRACK (Key Reinstallation AttaCK) is a severe replay attack on the Wi-Fi Protected Access protocol that secures Wi-Fi connections and targets the third step in a four-

The Icarus effect: tackling cybercrime complacency Do you know what a cyberattack looks like? Is your organisation prepared to defend itself?

You will have noticed significant media coverage of an outbreak of ransomware globally which impacted 10,000 organisations in over 150 countries including Britain’s National Health Service and automaker Renault.

Most key business processes are now automated and built on technology. Consequently, disruptions from a cyberattack can lead to significant lost sales and productivity, recovery costs and reputational harm. Accounting for business interruption costs is almost as important as mitigating the breach itself, especially as exposure is only expected to increase in the future.

Middle market businesses are often at risk of the same scams and cyber attacks that affect individuals, and should take steps to protect themselves. The cost of a security breach can be huge, not to mention the reputational damage a high-profile breach can cause.

When it comes to information technology security, no company or industry is immune to unauthorised access to its data. Yet when it comes to their own companies, many manufacturers feel it unlikely that their data will be a target of any breach attempts. 

Instances of Internet fraud and other data related crimes have been increasing dramatically and becoming progressively sophisticated. Cyber-attacks on organisations via security loopholes and un-patched servers have increased over 80 percent in the last two years as intruders look for industry or identity data theft.

Every organisation and every business is now reliant on technology. Therefore cyber security cannot be considered a risk in isolation or something IT ‘will deal with’, it must be considered a business risk and the board must be aware of, and actively pursuing, cyber risks. It also must be understood that cyber threats aren’t a discrete problem to be solved, rather, they’re a complex risk that need to be managed.

No technology topic is hotter in the private club industry than cyber security. Articles, conference and chapter meeting education sessions, vendor presentations–all are addressing the topic from a variety of angles. The purpose of this article is to lay out the four elements of cyber security that should concern your club. 

The current atmosphere is challenging for financial institutions, as increasing regulatory demands and the rising costs of doing business are making profitability more difficult. As your institution begins the budgeting process, your IT framework will likely come under scrutiny, as properly leveraging technology can help you become more efficient while providing necessary security measures.

Cyber crimes are growing on a global scale and the leisure and hospitality sector is not immune to this. There are particular, and very real threats to consider. Large customer databases and high transaction volumes present across the sector make data particularly attractive to criminals.

Data breaches and information security are critical concerns for organisations and individuals as attack methods become more diverse and widespread. While media reports typically only illustrate the dangers at large companies, small breaches are more frequent and cause the most damage. In fact, family offices are at an acute risk; with information from high-net-worth individuals extremely valuable to criminals, security measures may require a closer look.

The rise in advance persistent threats puts a spotlight on the vulnerability of the IT systems at many financial institutions—and intensifies the need to implement more robust security procedures to protect institutional assets.