Barriers between countries and people have come down. We can now effortlessly talk to overseas colleagues, friends or family members via videoconferencing, use crowdsourced language translations via the internet or create a simple game app which achieves over 2 billion downloads – an industry in its own right. Almost anything is possible.
"Just as criminals move quickly to take advantage of the ever-evolving reach of digital, organisations must enhance their response."
Steve Glynn, Guy Boyd and Damian McMeekin, Global head of information security, Global head of financial crime and Head of group security at ANZ.
This technology has enabled so much positive change to our lives but there have been unintended consequences. Raw footage is uploaded to social media faster than news agencies can report. Rumour is now often circulated before facts and messages lost.
For business, just as we use technology to easily connect within and between organisations, criminals do too. The frequency and types of this cybercrime are numerous. So how can we adapt, respond and maintain trust in the new digital world?
We know from recent examples like Silk Road that cyber-criminal enterprise is big business and that key to this business is social connectivity. Social media can connect malware developers to criminal 'clients' and enable the criminal to learn about their target organisation through employee posts.
Criminals are now just as connected and technology-enabled as organisations are and in some cases have more to gain. Is it a risk we need to be worried about? And if it is, what can organisations do?
In 2014, the New York Times devoted more than 700 articles related to data breaches after publishing fewer than 125 the previous year. Our recent BlueNotes disruption special looked at the increasing prominence of cybercrime and concluded that this is more than just an increasing trend.
Cyber-enabled crimes are the new reality and organisations need to adapt accordingly.
So how do organisations typically experience cyber-attacks? Mandiant, cyber security experts, indicate that 95 per cent of all successful data breaches (a form of cyber-attack) are a result of phishing emails.
These fake, malicious emails are not new and yet the success of this very common technique continues. Consider this for a moment, who questions an email from a law enforcement agency stating that you have been fined for speeding - “Click here to download your speeding fine"?
Would you click on the link? What if you were in a rush, checking emails between meetings on your mobile device?
Unfortunately, research shows that a large percentage of employees in a typical organisation will open a phishing link. It only takes one employee to put an organisation at risk.
With criminals becoming increasingly tech-savvy, it is possible to attack a large number of potential victims with minimal outlay or technical ability.
This shift has also been observed when you look at the fraud statistics recently published by the Australian Payments Clearing Association. In 2014, aligned with global trends, Australia has seen an increase in “card not present" fraud (online, phone and or by mail) now costing the banking industry $299.5 million per year.
More and more criminal enterprises are launching targeted fraud campaigns against new technologies.
Examples of email hijacking, where corporations are tricked into paying fake instead of legitimate suppliers using fabricated email instructions further show the sophistication of criminals. Criminals are improving their efficiency and scale.
Given all this, how do organisations adapt, respond and maintain trust? Just as criminals move quickly to take advantage of the ever-evolving and expanding reach of digital, organisations must enhance speed and flexibility in both their risk-management strategies and incident-management responses.
Organisations must not only be innovative and timely in their take up of new technology and digital product offerings but must also ensure they educate their customers, staff and business partners in the risks associated with technology.
Increased partnerships and information-sharing across private and public organisations and industry groups is crucial to promote further awareness and facilitate trust.
The motivation to commit crimes haven't really changed people still want money, power and notoriety but the tools to achieve these aims have shifted and we need to adapt our thinking and respond accordingly. It's an opportunity to look for new ways to build and maintain trust in a digital world.
Steve Glynn is global head of information security, Guy Boyd is global head of financial crime and Damian McMeekin head of group security at ANZ.
The views and opinions expressed in this communication are those of the author and may not necessarily state or reflect those of ANZ.
01 Jul 2015
02 Jul 2015
02 Jul 2015