Is it too late to turn back the rising tide of cyber crime?

Have we missed the boat when it comes to tackling cyber crime? Davey Winder tries to find out...

security attacks

COMMENT: With the technology, media and telecommunications (TMT) sector coming under increasing scrutiny from cyber criminals, perhaps the question I should be asking is whether TMT has turned into ITSec TNT?

With newly published research suggesting that 75 per cent of those enterprises within the TMT sector have reported a security breach so far this year - an increase of 13 per cent on the previous year - there's a real danger that data security will implode if nothing is done to stop the rising threat tide. Especially when you look closer at that research from Deloitte and discover that IT security budgets have largely, erm, gone precisely nowhere in response to the threats and stayed totally static.

Advertisement - Article continues below

While the optimists, and bean counters, will be applauding the fact that IT security budgets have not actually fallen, I will continue to shout as loudly as I can that they are missing the point.

The fifth 'Global TMT Security Survey' which Deloitte pitch as being "aimed at providing TMT companies with insight into the security and privacy challenges and threats they face or will face as an industry" makes for somewhat chilling reading. Revealing that while many enterprises talk the security talk, few seem capable of walking the walk, or at least walking in a straight line towards data security at any rate.

Advertisement - Article continues below

OK, I will readily admit that when it comes to IT security strategy I am very much a glass half empty kind of a guy, preferring to plan for the worst case scenario rather than march zombified and ever onward with fingers crossed that it will never happen to me. Which is why I find it hard to understand how any serious enterprise, as in serious about keeping data safe and secure, will think that a 'stable security budget' is good enough when the cold, hard facts are slapping them in the face with rising breach rates and ever more complex threat vectors. So while the optimists, and bean counters, will be applauding the fact that IT security budgets have not actually fallen, I will continue to shout as loudly as I can that they are missing the point.

Advertisement - Article continues below

Not that I really need to shout that loud as it would appear that those businesses whose budgets have remained static are well aware that this is not a good thing. According to the Deloitte research half of those questioned said that they considered the lack of budget (along with a lack of personnel, but it amounts to pretty much the same thing ultimately anyway) as being the biggest barrier to 'adequate' information security. And there we go again, with my pessimistic alarm bells ringing at the sound of someone using 'adequate' as an aspirational measure. Adequate is bean-counter-speak for least costly, within budget, value for money, cheap. Adequate is not secure at any cost. Adequate is not as secure as we can make it. Adequate is not, I repeat, acceptable.

Nor is it acceptable, I would suggest, for a quarter of CISOs not to be reporting back to their senior executive team.

Advertisement - Article continues below

I am not the only one with this concern, James Alexander is cyber security partner at Deloitte and he insists that "information security across the TMT industry is a matter that requires C-level attention, and organisations must raise awareness of the issues and train employees how to deal with them.The bar is being raised to a new level, and we need to step up". I couldn't agree more.

That stepping up has to include improving the frankly miserable statistic of only 18 per cent of TMT organisations having established clearly defined practices to inform customers and 'external stakeholders' about the risks to their data, and the 35 per cent with 'partially defined' policies. Mind you, it wouldn't hurt to try and improve on the 39 per cent of workers who follow IT security policy in the enterprise, another staggeringly depressing figure thrown up on this occasion by research from privilege management specialists Avecto.

Advertisement - Article continues below

So, to sum up, it isn't too late to stem the cyber crime tide. However, unless you want to get seriously wet and risk seeing your data drowning in these dangerous seas, you had better start not only taking the subject more seriously but investing in suitably robust defences NOW.

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now



University of California gets fleeced by hackers for $1.14 million

30 Jun 2020
cyber security

Australia announces $1.35 billion investment in cyber security

30 Jun 2020
cloud security

CSA and ISSA form cyber security partnership

30 Jun 2020
Policy & legislation

Senators propose a bill aimed at ending warrant-proof encryption

24 Jun 2020

Most Popular

Careers & training

IBM job ad calls for 12-years of experience with six-year-old Kubernetes

13 Jul 2020
Business operations

Nvidia overtakes Intel as most valuable US chipmaker

9 Jul 2020
cyber attacks

Trump confirms US cyber attack on Russia election trolls

13 Jul 2020