
Cybersecurity threats: Not just a tech problem
Most organizations are ill prepared to counter threats to cybersecurity because they don’t recognize that most attacks come from insiders. Most still regard the challenge as a technical problem requiring a technical solution.

Businesses need to get more serious about the issue and consider implementing non-technical measures such as closer vetting of recruits and paying attention to the vulnerabilities of staff, two security experts said during the cybersecurity panel on April 7 at AIC 2016. “The least appreciated part of the cyber threat is the insider,” said Sir John Sawers, Chairman of Macro Advisory Partners and former chief of the British Secret Intelligence Service (MI6). He said that 80% of cyber attacks are perpetrated by insiders, most unwittingly and usually by senior personnel. There are always some with malign intentions, particularly when the organization is going through a major transition and staff may be aggrieved and want to cause damage.

Despite the prevalence of the insider threat, many companies are not doing enough to address the challenge, added Ben Wootliff, Managing Director, Hong Kong, for Control Risks, and a cybersecurity advisor to global corporations. “There may be awareness on the board, but they still see it as a technical problem of computers attacking computers, putting tech people in charge of it. They will see the technical solution as a panacea.”

The most effective approach to cybersecurity is to get all sides of the issue – the technology, security and the business people – in the same room, Sawers agreed. “You have to have buy-in across an organization to get cybersecurity right.”

There are of course other perpetrators of cyber attacks beyond the insider. These include nation states, criminals and “hacktivists”. Two recent examples of cyber attacks by hackers allegedly connected to national governments are the breaches of data held by Sony and the US Office of Personnel Management. According to Wootliff, cybercriminals are becoming more sophisticated, while hacking tools are more easily available. Criminals and activists are better able to target what data is valuable and then sell those assets, he said.

Countries, particularly the most cyber capable, should come together to discuss the rules of the road for cybersecurity and common responses to breaches, Sawers told participants. The level of dialogue so far “is so immature,” he lamented. “If we had a cyber equivalent of 9/11, everyone would jump into action. But I don’t want to wait for that to happen.”

Watch the full replay of the keynote panel discussion featuring: Ben Wootliff and Sir John Sawers GCMG
