Cybercrime – how safe are you?

Cybercrime is fourth on the list of risks contained in the Global Risks Report 2011 and can no longer be ignored.

Karen Stephens, Director of Kestrel Group, says smart cyber criminals are always one step ahead of monitoring and anti-virus software companies in their endeavours to breach cyber security.

“Cyber criminals are forever coming up with innovative ways to perform corporate espionage, stealing information and money from organisations as well as causing havoc on network systems.

“Early this year we were contacted by one New Zealand’s largest organisations and asked to test their executive crisis management team on the impact of a cybercrime attack on their organisation,” says Karen.

“We brought in a technical expert who worked with their key IT staff to design a scenario on how a cybercrime attack could occur and the impact of that on the organisation.

“We then put the crisis management team through a cybercrime crisis exercise and as a result identified that a simple virus would have stopped them operating for a number of days or even longer as well as having information stolen and funds diverted.

“From that exercise the awareness of the potential threat from cybercrime has been raised at the highest level and now that organisation is looking at how they can plug any gaps and put monitoring in place to minimise the risks.”

Karen says there is a heightened awareness within the country that New Zealand is not immune to this type of crime and these types of attacks. Recent media articles on Stuxnet and Flame serve as a reminder that the world of cybercrime is alive and well.

She says that companies cannot be complacent around their anti-virus software. “They’ve got to be up-to-date with the best monitoring equipment available for their systems and they need to have plans in place for how to deal with a cybercrime attack.”

Responding to cybercrime is a different kettle of fish to the run of the mill crisis response says Karen.

“When you’ve got a large organisation with thousands of desktops and laptops you tend to communicate with all staff through email. However if you do suffer a cyber-attack the first thing that happens (if you are well prepared) is that the network is shut down.”

Karen says this means looking for alternative methods of quick communication.

“There are also other flow-on effects to think about like the impact on external customers and business partners as well. We live in an age where information is shared back and forth via computer all the time and a virus is easily spread.”

A recent report by PricewaterhouseCoopers highlights a number of issues and provides guidance on what organisations should do to understand and protect themselves against cybercrime.

Those wanting to assess their own cybercrime risks and practice their response can contact Karen.