Cyber attacks are increasing, both in number and sophistication. The amount of damage caused by individual attacks is climbing into the multimillions. The chances of a company falling victim to digital espionage continue to rise. Businesses need to more effectively manage the residual risks.
Many of today’s cyber criminals have their sights set on money. And they essentially take three approaches to achieving their goal. They conduct surveillance operations to systematically obtain valuable information from companies, they steal customer and credit-card data, and they blackmail companies by threatening to disrupt their business operations.
Research results, for example, can be sold to competitors or intelligence agencies. For customer and credit-card data, there are regular, though illegal, digital marketplaces, and all web services offered by a company can be brought down by denial-of-service (DoS) attacks. But such attacks do not just cost companies considerable time and money. The almost automatic blow to their reputations following such an assault can also have a dramatic impact on their balance sheets. According to the Edelman Privacy Risk Index, 71% of customers say they would leave an organization after a data breach.
Amount of “malware” for mobile platforms is rising dramatically
Meanwhile, new challenges continue to emerge. IT and information security experts worry, for instance, that cloud computing will present new security risks. In a study conducted by the highly respected Ponemon Institute in the US, 66% of surveyed IT experts said they thought cloud computing would result in less security. In particular, they said the use of the cloud would diminish their company’s ability to protect confidential data and critical internal software.
Another current security problem is posed by the sharp increase in mobile devices. Slowly but surely, they are becoming the central access device to company applications and all sorts of data.
According to figures provided by the US consulting company Trustwave (Global Security Report 2013), the amount of mobile “malware” or malicious software for Android platforms alone skyrocketed by 400% compared with 2012.
This development is further complicated by the fact that mobile users appear to be less concerned about security. The Norton Security Report 2013, which is based on information provided by more than 13,000 people from 24 countries, says individuals are much less concerned about security when using mobile platforms than when using PCs. For example, 72% of users have installed free antivirus software on their PCs at the very least – but, for smartphones, the total is just 50%.
Meanwhile, 78% of PC users store no confidential files on their desktops, and only 48% think about taking a very cautious approach in dealing with confidential files on their smartphones. Although these figures are taken from a consumer report, it should be noted that 49% of respondents use their personal mobile devices for work purposes and 27% even show work-related information to family members and friends. The lack of security awareness about mobile devices is that much more surprising when you realize that 38% of respondents said that they had been the victim of cybercrime over the past 12 months and that 27% reported they had lost their device once before or had it stolen.
Integration of IT technologies and application areas boosts threats
But it is not just new technologies like cloud computing or mobile devices that are fueling a rise in security risks. Big threats can arise from the integration of various technologies and application areas. For example, most smartphones that are linked to the IT infrastructures of companies have access to one or more cloud services. These services can become the target of hackers who can then introduce malicious code to company networks via smartphone. Given the fact that the internet will be used in the future to pass on commands and information to increasing numbers of production machines, vehicles and power grids, it is easy to understand why security experts are warning about increased risks and are working furiously on potential solutions.
Regardless of the solutions that are eventually developed, it will not be technically or financially possible to provide total protection from cyber attacks. Companies will always have a residual risk to address.
In Europe, this is exactly where a new end-to-end concept being offered jointly by AGCS and Deutsche Telekom/T-Systems as part of a cyber security partnership will provide support.
A working cyber security partnership
T-Systems, which is the security specialist arm of Deutsche Telekom, is contributing its expertise in security services, which extends from the detection and elimination of security vulnerabilities to the prevention and deflection of targeted attacks, while AGCS is offering its know-how and experience in the evaluation and assumption of security risks, as well as its assistance services.
The partnership will facilitate the development of customized lines of defense consisting of IT security measures and risk coverage that meet a company’s
“By creating this alliance, we have bundled our strengths to assist customers,” Dr. Christopher Lohmann, the CEO of Germany & Central Europe at AGCS, tells Global Risk Dialogue. “They will profit from an integration of our services that provide comprehensive protection to them and facilitate the management of residual risks.”
“It is both a sales agreement and an issue-driven partnership,” adds Dr. Jürgen Kohr, Senior Vice President and Head of the Cyber Security Business Unit at T-Systems. “We are jointly enhancing our individual portfolios in order to provide customers with an end-to-end solution.”
Thanks to security assessments carried out jointly with AGCS at interested companies, security levels can be determined more easily and precisely, Kohr says. “As a result, we can offer solutions that will raise this level, and AGCS can write specific policies that take the remaining residual risk off companies’ hands.”
Workshops are held before the security assessments are conducted. These workshops are attended by the customer’s IT specialists and risk managers, security experts of T-Systems and AGCS risk consultants. In the first meeting, an initial assessment of the customer’s particular situation is conducted.
Initiating the discussion between IT and risk managers
“Even the workshops set things in motion. We occasionally see that this is the first time risk managers and IT officers have intensively worked with each other,” says Lohmann. Until now, both groups simply lacked the necessary information.
The risk managers frequently know too little about IT risks and are not acquainted with the right IT contacts. On the other hand, IT specialists constantly work to raise the security level of the threat situation, but they give little thought to covering the residual risk with cyber insurance. “For this reason, it is important for all parties to sit down together.”
Kohr and Lohmann both say the initial months of the partnership have gone well. But both executives also note that the market for these end-to-end security solutions must still be developed. “If we intend to be successful in this market, we must initiate more dialogue between IT and risk leaders,” Lohmann says. “In property insurance, risk managers know exactly whom to approach at a company. But when it comes to coverage of cyber risks, they may know of the contact partner. But no procedures have been put into place, not to mention a risk assessment. One of the primary goals of this partnership is to initiate these discussions in companies. Our aim is to no longer just talk with risk managers. We also want to join T-Systems in the conversation with IT officers.”