The technology evolution of the early 1990s gave rise to the designation of a CIO being created. It’s not that before the development of the designated post, the responsibility was not carried out with the same importance, but technology and IT was gaining such momentum and cyber crimes were rising; it prompted other C level executives to give due importance to a post that represented the business’s IT estate through the eyes and ears of a subject matter expert.
CIOs of organizations have had their work cut out for them ever since the coinage of their designation. They have been at the forefront of implementing cyber security laws and practices that are in the interest of the business and their customers.
With a Juniper Research report estimating the total cost of cybercrimes to reach $2.1 trillion by 2019, CIOs cannot risk dropping the ball as regards to the security and safety of their businesses’ IT estates are concerned.
CIOs of organizations have filed petitions and are strongly crusading the cause of better and more vigilant cyber security laws. Despite the thorough implementation of the existing cyber laws and security practices, cyber criminals have found loopholes in the systems and have managed to raise the total cost of data breach from $3.52 million in 2014 to $3.79 million in 2015. 2016 too has seen its share of infamous cyber attacks across the globe.
Infamous cases of cyber security breaches in 2016
Accounts of more than 20,000 Tesco Bank customers were breached and money was stolen from them in November 2016 in the UK, causing the organization to stop all of its online operations for the time being. The bank went on record to say that the capital lost due to this breach would be borne by the bank.
Adrian Davis, Managing director for EMEA said, “Business leaders have not realized just how much their organizations have changed in the digital age and how this is leaving them vulnerable.”
The Financial Industry Regulatory Authority (FINRA) asked Lincoln Financial Securities Corp. (LFS) to pay up a $650,000 fine earlier this week. Hackers attacked a cloud based server of LFS and stole confidential information, which included Social Security Numbers, of over 5400 customers in 2012. FINRA also strongly advised the company to implement stringent cyber security protocols.
3.2 million Debit cards that were being used in the Indian economy were compromised in late October this year. Several users reported unauthorized usage that was traced back to China to their respective banks and financial institutions. A report by The Economic Times predicts that nearly 26 lakh cards have to be replaced. However, the most alarming fact is that it took the banks and financial organizations a long time to trace back and identify the cyber breach.
Promising uncompromised security
Organizations are making every effort to ensure that the highest data security is provided to their customers. Further to that, organizations are asking their customers to bear some of the burden of higher security measures by adding further layers of security to the existing protocols. This is causing the quality of digital experiences to fall. A McKinsey survey goes on to highlight that a customer has to deal with an average of 14 passwords; which means with the added security layers, businesses are adding to the complexity of the authentification process.
Another McKinsey report (image below) records that business leaders are aware of the impact that technological developments could have on their business. Cyber security is being labeled as the biggest concern for leading firms across the globe. Some businesses believe that cyber security is likely to have a negative impact on business, while others disagree by saying that cyber security will lead to positive business impacts.
The report claims that 33% of Indian executives believe that cyber security will have a positive effect on their business and the economy at large.
5 cyber law and practices that will pique your interest
To understand the effects of cyber security it is prudent to be abreast with some unconventional practices and cyber security laws that are prevalent across the globe. Here are 5 cyber security practices and laws that will pique your interest.
According to the latest edition of the Bugcrowd report issued in June, 2016 it’s not the tech companies that are enthusiastic about launching a bug bounty program, but businesses from the retail, finance and banking industries that are running them. Social Media giant, Facebook has a very active bug bounty program through which they have already paid over $1 million to researchers in over 51 countries.
The Cybersecurity Act of 2015 encourages the private sector and the US government to collaborate with each other to curb the cyber security threats.
2.The Queen’s Verdict
In May 2015, owing to the growing concerns of cyber security and cyber terrorism, the Queen announced that the most egregious digital criminals – ones that cause significant damage to people’s lives or national security will be handed the life sentence. According to a report by Forbes, Nigeria had reworded its cyber security law to make it more comprehensible. The report said, ‘any attack on critical national infrastructure that causes a death will be punished by hanging’.
3.Safeguard one’s well-being
A SANS Institute report of February 2014 recorded that 94% of health care organizations have been the victim of a cyber attack. Medical devices and infrastructure that are connected through the Internet of Things (IoT) are subject to attacks. In order to protect such devices, there have been various standards that have been set-up and are being maintained to ensure the safety and security of patients and medical facilities. The Health Exchange Security and Transparency Act is the latest addition made to the set of laws that cover cyber attacks in the field of healthcare and medicine.
4.A new high in the dark
The Economist has reported over $50 million worth of transactions being traded in the Dark Net Markets through Bitcoins. However, a report by The Indian Express goes onto highlighting the efforts made by The Narcotics Control Bureau to curb such activities in India. The NCB successfully interdicted two such groups who were trying to operate in the country.
On November 7, China announced a new version of cyber security laws that cover data localization, surveillance, and authentic details requirements. Users will have to reveal their real identity to use messaging services, and businesses have to adhere to practices of mandatory in-country storage. China has taken this bold move despite discouragement from its global advisors.
In an interview with The Guardian, Rogier Creemers, a researcher in the law and governance of China at Leiden University in the Netherlands said “China’s government has come to recognize that cyberspace immediately and profoundly impacts on many if not all aspects of national security”.
Organizations need to continuously reassess the cyber threats and vulnerabilities and re-align their cyber security practices accordingly. Security compliance and ease of use need to work in tandem with each other. The negative sentiments of businesses with respect to cyber laws need to change. Cyber laws are almost a means to an end, which we are all after, a safe and secure environment to operate and function in.
From time to time, SensorsTechForum features guest articles by cyber security and infosec leaders and enthusiasts such as this post. The opinions expressed in these guest posts, however, are entirely those of the contributing author, and may not reflect those of SensorsTechForum.