Willie Sutton, when asked why he (frequently) robbed banks allegedly replied, “Because that’s where the money is”. (Mr. Sutton had a way with words and more of his simple-but-brilliant observations can be read below).
Banks have always received a lot of unwanted attention from bad guys wanting a free sample. But now things have changed. Now, there are many other places that the bad guys (and, this being an equal opportunity society, bad girls) can go to get of money that doesn’t belong to them-and thanks to the internet they don’t even have to leave home to get it!
And where are these other places? Everywhere there’s a business!
In 2015 the annual Information Security Breaches Survey, (prepared by PwC for the Department for Business, Innovation & Skills), found that a staggering 90% of large companies and 74% per cent of small companies had experienced some kind of cyber crime in the previous 12 months. Another survey published last year, by the Centre for Economics and Business Research, put the annual cost of cyber crime in the UK at £34 billion, split not quite evenly between the costs resulting from the attacks and the costs of the extra spending on prevention.
Interestingly, nearly half of the successful attacks were the result of internal lapses by employees, which means that many successful external attackers rely on an employee doing the wrong thing – something as simple as opening an e-mail attachment from an unfamiliar source.
NOT JUST ABOUT WANTING MONEY
But cyber crime is not always about money. Some attacks are for information, e.g. the theft of intellectual property or other economically valuable commercial secrets – suppliers and customers, contract terms, new product development and so on.
Some incidents of cyber crime are by ‘rogue’ employees, some who are disgruntled and want to cause trouble. In 2014 an employee of Morrison’s supermarket was jailed after he posted the personal details of about 100,000 staff online after being disciplined over using the company’s postroom to conduct eBay deals. (More than 2,000 staff, alleging that it was ultimately responsible for breaches of privacy, confidence and data protection law, sued Morrison’s as a result).
NOT JUST ABOUT LOSING MONEY
Successful cyber crimes usually cast a shadow over the competency of management, create doubts about the adequacy of the IT provider, trigger reputational damage with customers, loss of trust with stakeholders and risks the attention of regulatory bodies.
The first challenge for any business is to appreciate the scale of the threat it faces. (Any business that adopts the mantra ‘it won’t happen to me’ is likely to regret it sooner or later).
What to do? Well, start by taking advice to establish what appropriate technical and organisational measures your business requires to comply with its legal obligations under the Data Protection Act (DPA). Doing this will go some way to avoiding becoming another statistic on the next Security Breaches Survey.
You know where to go for that advice, don’t you?
More words of wisdom from Willie Sutton:
“Go where the money is and go there often”
“You can get more with a kind word and a gun than you can with just a kind word”