Cyberattacks and Hacktivism – Take Cover!

Cybersecurity experts at Deloitte are warning that when it comes to cyberattacks, it's not a question of "if" but a question of "when." A new study shows 88 percent of companies in technology, media, and telecommunications (TMT) don't think they're vulnerable to an external cyberthreat.

In Deloitte's sixth annual Global TMT Security Study, 68 percent of companies said they understood their cyberrisks, and 62 percent had a program in place to sufficiently address them. Yet in the past year, over half (59 percent) said they had knowingly experienced a security incident. With this many successful attacks, companies should treat breaches as inevitable and invest significant time and effort in detection and response planning so they can bounce back quickly when one does happen. Despite this importance, only half of companies have this planning in place.
 
The human factor
Companies rated mistakes by their employees as a top threat, with 70 percent highlighting a lack of security awareness as a vulnerability. Despite this, less than half of companies (48 percent) offer even general security-related training, and 49 percent said lack of budget was making it hard to improve security. The impact of employees' actions – or rather inaction – can't be overstated, and it's important they're aware of their responsibilities. This is even more significant given the proliferation of people's own devices entering the workplace.
 

Act as if a Breach Is Inevitable

Cyberattacks are now so sophisticated and commonplace that it's impossible to be fully protected. Companies need to act as if a breach is inevitable and have a documented response plan in place so they can react when it does happen. Unfortunately, not enough companies are doing this, so we think companies are being overconfident in their resilience. 

Companies must also embed a culture of cybersecurity in their staff. This is easier said than done, but each employee holds the keys to the castle and must understand that responsibility. Spreading a secure culture should also extend to the businesses that companies work with, and companies need to collaborate to ensure strength across organizational boundaries.
 
– James Alexander, lead partner for TMT security at Deloitte
Bring your own
Today's smartphones and tablets are powerful enough to handle most business activities, and it's now common for employees to use their own devices for work. This intermingling of access to business data and use of personal software applications in one device makes mobile devices a prime target for hackers and provides new entry points for attack. This territory is just being charted, and only 52 percent of TMT companies have a bring-your-own-device (BYOD) policy in place, so it's not surprising 74 percent of respondents considered the increased use of mobile devices as a vulnerability.
 
It's who you know
A major concern for TMT companies was the security of the businesses they work with. In today's hyper-connected world, organizations are more reliant than ever on third parties. Sensitive information can often be found in the systems of businesses that support the supply chain and other business operations. Seventy-four percent of respondents said they were worried about these businesses being breached, so it's vitally important that organizations work with their third parties to understand and improve their security practices rather than rely on contractual agreements on security.
 
Who's watching you?
A major and relatively new threat is hacktivism, which combines social or political activism with hacking. Protesters who, in the past, might have blocked access to a business by staging a sit-in might now block access to its online operations through a denial-of-service attack. Effective handling of a hacktivist attack requires advance preparation, from both an IT and a public relations perspective.
 
Fortunately, the survey shows that TMT organizations are taking steps to get better awareness of cyberrisk: 55 percent of organizations are starting to gather general intelligence about these and other types of cybercrime, although just 39 percent are gathering information about attacks specifically targeted at their organization, industry, brand, or customers.
 
Planning for the future
Encouragingly, having a security strategy and road map topped the list of priorities for companies, implying that TMT organizations now recognize that being secure is smart business – not just a regulatory requirement. In addition, companies said the most important consequence of a security breach now is that customers will complain. People now have an understanding of security and little tolerance for mistakes – especially when their data is being held or they rely on a service.
 
Source: January 8, 2013, Deloitte Press Release
 
