No Shortcuts to Effective Cyber Security
Since 2004, October has been celebrated as Cyber security Awareness Month. In honour of this, we'll be setting out a series of blog posts on this important topic, together with a couple of real-life case studies about North West businesses that almost fell victim to sophisticated cyber attacks.
First, though, we'll look at a common misconception: that new developments in the field of artificial intelligence (AI) will magically solve all the world's IT security challenges. A lot has been written about the potential of AI to thwart certain forms of attack but - as with so much else in life - there's no substitute for good planning and management.
This was a view emphasised at a recent security conference, where Daryl Pereira head of cyber security practice and partner at KPMG Singapore was a key speaker. He cited recent research that found that almost 90% of directors believed AI-related advances could be enough to shore up their information security defences, but he described that outlook as 'overly optimistic'.
At AMP, we'd certainly agree with that. We'll shortly be publishing a case study about a company that was subject to a clever impersonation attack. Because this was aimed at human fallibility, the attack bypassed the company's IT security measures altogether. There are cases where it's human behaviour that creates the hole in your defences and even the most sophisticated AI systems won't ensure your safety. True information security depends to a great extent on staff awareness, and a knowledge of how to operate safely in a digital world.
To help clients recognise this important dimension of their cyber security strategy, we'll soon be launching security awareness training in which we'll work with business owners to show where a lack of awareness may be creating cyber security loopholes. But more of that in a future post.
Until then, it's worth reiterating a point made by Pereira: that while AI can identify issues and anomalies that humans might easily miss, that same AI technology is also available to cyber criminals, so it's far from being a one-sided fight. Hackers devote considerable time and ingenuity to their attacks, and with AI as part of their toolkit, they will be able to 'learn' vulnerabilities, just as defensive AI systems learn to spot vulnerabilities. In short, what we are seeing is a kind of cyber security arms race and, thus, there may never come a time when businesses can afford to take their eye off the ball.
People are at the heart of business and, given the increasingly sophisticated ways in which cyber attacks are now being launched, it's vital that all IT users are educated and that organisations find ways to stay informed about the latest threats. Attacks are becoming more targeted and those who don't understand how things like social engineering and 'spear phishing' work could easily fall victim to them.
The first step towards achieving meaningful information security is to ensure that business owners and senior managers understand the risks and where they originate. Thus armed, senior managers can then make better informed decisions about training, procedures and, where necessary, investment in additional cyber security measures.
This isn't a point that can be sugar-coated: cyber threats are real and they can be extremely damaging. Staying abreast of the risks can be a daunting challenge but, of course, that needn't all be done in-house. At AMP, we're ready to help. We can help you develop effective IT security strategies, to identify vulnerabilities, to train your people and to educate your senior management employees as a first line defence against cyber attacks.
For more information or advice about any aspect of IT security, please contact us.