To celebrate iQ3’s recent accomplishment of receiving ISO 27001 Security Certification and becoming an accreddited Level 1 PCI DSS Service Provider, Thursday 21st March marked the launch of our 2019 Executive Roundable Series, Security by Design – Building Data Protection into the Foundation of your Organisation.We kicked off the series at Cafe Sydney, followed by Cha Cha Char in Brisbane the following week. IT Executives gathered to discuss the future of cyber security and explore different strategies to approach organisational security. The conversation was lead by Cyber Security Expert, Brian Hay, who allowed the guests to hear his extensive experiences, which have enabled him to take a broader and more holistic view of cyber security.
Speed is Competition
With 37 years in law enforcement, Brian Hay has a strong passion for justice which has developed his expertise in cyber-security. He believes that rather than viewing cybercrime as a technology problem, it should be viewed as a problem with organised crime. The enemy is not technology – people are initiating the threat, and other people are suffering the consequences. Technology is merely the latest tool used by organised crime groups to achieve their two goals – make money and avoid detection. Conference attendees agreed they were seeking strategies to maintain control of their cybersecurity while staying ahead of any potential crisis.
“Know your enemy”
According to Brian, we need to treat cybercrime like a war, and the art of war is to “know your enemy.” Cybercrime represents the largest aggregated effort of organised crime that the world has ever seen, yet the crimes are rarely reported.
One of the strengths of organised cybercrime groups is their anonymity and invisible nature. They tend to launch their attacks on companies or individuals in another country so that even if the potential threat is foiled, it is difficult for law enforcement to follow through by identifying and arresting the criminals.
No target is too small
Another cybercrime strategy is to operate in a pyramid structure, targeting individuals as well as companies. According to research, 99% of attacks focus on individuals using strategies such as ransomware. The criminals will research beforehand to establish how much the individual target can pay, and the victim will generally pay the ransom rather than face the embarrassment of pressing charges. Other approaches can be sophisticated in their apparent lack of sophistication, leading targeted victims to unwittingly compromise their own security.
Strengthen your front line
The security of your industry relies on your ability to evolve. Empower your team with information and motivation so you can create a strong front line against organised crime in cyber space. Your team is not limited to your own workmates and IT department – combine forces with other companies to build a proactive ecosystem of shared knowledge and strategies. Make the challenge personal and relevant to every member of your team so everyone remains alert and vigilant. By sharing meaningful intelligence, the ecosystem can develop strategies and techniques to protect data and privacy, for companies and individuals.
Like any innovative technological advancement, the investment and utilization of the Internet has rapidly outpaced our ability to regulate it. Cyber-criminals operate anonymously on an international scale yet we have not yet developed adequate tools for fighting them through law enforcement. So our next step, as we develop and strengthen our ecosystem, is to develop a regulatory framework that will protect companies and individuals alike.
Published by Kirsten Ehrlich Davies
1 April, 2019
If you would like to attend one of iQ3’s future roundtable events, please register your interest and a member of the team will be in touch.