Saturday, March 6, 2021
Corporate Compliance Insights

Cyber Crime is Professional

by David Gormley
December 7, 2016

In 2016, we have seen the largest cyber bank theft in history, hacking of emails in the U.S. presidential election and a massive denial-of-service attack linked to the Internet of Things.

Attackers – ranging from nation-states to organized criminal gangs – have moved well beyond crude, scattergun approaches to defeat weak security. Today they are skilled, determined and focused – and quite possibly already inside an organization’s network, either because they’ve breached it or because they are an employee or partner with access. They are varied in motivation, capability and tactics.

BAE Systems recently conducted a survey that reveals the majority of information technology professionals (97 percent) believe business security and defense is a priority for their organizations. Yet more than half (54 percent) admit they assess cyber threats just once a week or less. The recent survey of 200 IT professionals at U.S. organizations also revealed:

  • 87 percent believe their organization’s leadership understands the serious impact of a cyber attack;
  • Compromising sensitive company financial data (63 percent) and compromising customer information (58 percent) are top concerns when it comes to cyber attacks;
  • 50 percent are concerned about the hijacking of credentials to compromise customers or suppliers;
  • 33 percent worry that too many employees are not aware of the cyber risks involved in using social media and digital channels.

As cyber attacks can occur at any time and often go undetected for weeks or months, it is critical that organizations employ round-the-clock threat assessment with a human in the loop to focus on genuine threats and fortify business defenses. Determined, capable cyber criminals use research, advanced capabilities and repeated attacks to penetrate any organization they deem vulnerable.

But many companies simply don’t have the resources to respond. They’re trying to keep pace with business and technological change, using tools and services delivered over the internet, as well as those held in-house. They cannot afford to hire the right people, take the right training or buy the right technology every single time. That means they can’t defend their networks, their data or their people and customers. Many organizations are overwhelmed by the sheer pace of attacks and lack the knowledge or the technology needed to mount an effective defense against increasingly sophisticated opponents.

Going to the experts for a managed or outsourced service is a fact of business life, and the same applies when it comes to securing one’s data, security devices and networks. It’s a sensible, logical business and technology decision that allows organizations to focus on their core business objectives.

The managed security services (MSS) provider market is large, with at least 300 companies offering services in the U.S. alone. Some simply offer packaged approaches: one size fits all. Many traditional managed service providers focus the majority of their efforts on “known attacks” and miss the more targeted, hidden threats. These more sophisticated methods are on the rise among modern, dedicated attackers, who will create custom malware to evade detection, hide in a network for months or years and leave little or no evidence of their intrusion. Skilled, professional attackers will persist, and if they don’t break in the first time, they’ll be back – with more powerful and capable tools.

This calls for defenders to take a proactive approach: one that goes looking for threats, rather than waiting to stumble over them later in the attack process. When assessing MSS offerings, organizations should consider:

  • Does the provider go hunting for malicious patterns in the everyday data your organization creates?
  • Does it use sophisticated analytics to ask the right questions – and hunt for breaches, past and present?
  • Does it use the latest generation of big data technologies – artificial intelligence and machine learning – to find patterns that might otherwise never be seen?
  • Does it share information, pattern data, lab research and national security resources to uncover new malicious tactics, techniques and procedures?
  • Does it minimize the noisy alerting from security equipment and the daily fire drills investigating what turn out to be false positives?

In today’s world, a traditional approach to cybersecurity is not enough to prevent attacks. Crime occurs where there are opportunities, and the same is true for cyber crime. By outsourcing cybersecurity to threat-hunting experts, businesses can now receive real-time, continuous monitoring and threat assessment.



David Gormley

David Gormley, a leader on the product and strategy team at BAE Systems, is a CISSP with over 15 years of experience in the technology industry. He was recently a Product Marketing Director at CA Technologies and earlier in his career he was a consultant at A.T. Kearney working on technology solutions and partnerships with Fortune 500 clients. Prior to that, he worked at Forrester Research, evaluating technology environments and consulting with partners on the adoption of emerging technologies. David holds a B.S. in Business/Marketing from Skidmore College and an M.B.A. with a concentration in Information Technology from the University of Texas at Austin.
