Joseph Stokes, Group Head of Cyber Security and IT Governance, Telesure Investment Holdings
Joseph Stokes, Group Head of Cyber Security and IT Governance, Telesure Investment Holdings
Perhaps it’s important to set the scene with some interesting and up-to-date statistics to reposition us in light of the current state of cyber risks facing the world today. According to forecasts, ransomware alone will be worth $1 billion by 2018, with global losses of $20 billion by 2021, and current projections suggest that number will reach 250,000 within the next 10 years. One hundred million U.S. dollars.
Cybercrime and its threat actors have evolved from individuals to groups and syndicates, and now into an entire industry and economy with the emergence of ransomware as a service (RaaS) and the popularity of initial access brokerage.
Today, the opportunity to make money from cybercrime is as simple as buying access through a brokerage, subscribing to a RaaS platform and targeting targets, with the service provider taking a small cut of the ransom.
The financial services industry has become one of the three target industries, rich in the most valuable commodity in the world today – data.
Fintech and financial services companies have realized that if they do not continue to focus on driving digital transformation and data-driven decision-making, they are destined to be left behind. As the digital footprint increases in the form of cloud technologies, SaaS, APIs, and various third-party and vendor interconnections; organizations’ exposure increases exponentially due to a common misconception that the cloud is inherently secure, but often without realizing it at this point. This may partly explain why the top causes of security breaches in the cloud are caused by simple misconfigurations caused by inherent trust in services that are designed to protect them.
The impact of such attacks and breaches cannot be underestimated, particularly in terms of reputational damage and loss of consumer confidence, not to mention the financial impact of recovery and remediation efforts, subsequent fines, and ensuing class action lawsuits .
“Data and digital transformation are the ticket to the game and should be treated as such. Protecting digital assets and the IT environment in which they reside should be a top priority, not as an afterthought, but as a principle, a strategic imperative within which an organization operates.”
Today’s market is more competitive than ever, and today’s consumers are more discerning and more inclined to align themselves with organizations on a personal and ethical level than they were just a few years ago. There is a strong public voice via social media. Protests and calls for boycotts have become the norm today. Of course, this puts a lot of pressure on organizations to get it right, as many losers are held up as role models, and often for good reason – most organizations simply don’t take them as seriously as they should Treat cybersecurity and technology risks.
This is the opportunity data and digital transformation are the ticket to the game and should be treated as such. Protecting digital assets and the IT environment in which they reside should be a top priority, not an afterthought, but a principle and strategic imperative within the organization’s operations. This means that cyber security should not be viewed as an IT issue but as a business opportunity, with representation and inclusion at board and policy levels.
Businesses and industries around the world are on tight budgets, but technology is only becoming more ubiquitous and complex, and making security an afterthought is unlikely to have any meaningful effect.
Perhaps it is more prudent to view information security, governance, risk and compliance costs not as resentment expenses, but as strategic investments in building a future business that is accountable, reliable and resilient. If companies can show that they take cybersecurity (and consumer data privacy) seriously, because customer trust is a top priority, they will have a unique competitive advantage in the market going forward. We are almost certain that tomorrow’s consumers will be pickier and more discerning than today, and will certainly have more choice.
It is also important that organizations build on resilience capabilities, not just security, as part of their digital transformation journey. It’s not a question of if, but when something significant will happen. When this happens, how will the business bounce back quickly and efficiently and be ready for the next try, while still ensuring appropriate service to customers and acceptable levels of business operations?
Now is the time to embrace the benefits of cyber resilience as a competitive advantage, rather than shying away from it and doing the bare minimum as a compliance checkbox exercise. The more resilient an organization is, the better its chances of surviving a digital and data-driven future, and trusting consumers not to expose themselves to risks they never imagined.
2 Comments
Your article helped me a lot, is there any more related content? Thanks!
Thank you for your sharing. I am worried that I lack creative ideas. It is your article that makes me full of hope. Thank you. But, I have a question, can you help me?