KPMG urges companies to invest more in cyber security
Organisations need to be pumping more time and energy into cyber protection and resilience, rather than rolling back their efforts.
That’s the opinion of David Ferbrache, technical director of KPMG in the UK, who has sent out a stark warning to companies that a cyber attack is a matter of when, not if.
“The changing nature of these attacks means that no business which operates online is completely safe,” Mr Ferbrache wrote on KPMG’s blog section.
He warned that the very survival of some organisations could depend on how they consider the potential cyber risks and the impact an attack could have.
Cyber attacks now cost the global economy an estimated $450 billion a year and that figure will only rise over time as attacks grow in their frequency and ferocity.
Mr Ferbrache – who has over 25 years of cyber and information security expertise and was previously the Ministry of Defence’s head of cyber – suggested it was time for organisations to approach cyber security from a different angle and to “think like a criminal”.
“Cyber criminals are rational business people, who are looking for a return on their investment in the tactics and tools they use to steal, to commit fraud and to extort money,” he explained.
“One thing they do not do is think in organisational silo structures – and so neither should the IA (internal audit) team.”
The KPMG man added that cyber’s basic controls and governance hadn’t changed in the past 20 years, yet many organisations were still failing to get the basics right or to apply their controls and governance consistently. He urged companies to concentrate on operational resilience.
Mr Ferbrache signed off by imploring companies to employ credible attack scenarios to test the adequacy and integration of controls.
“Think about what your organisation needs to do to survive and rebuild after a major cyber attack – your future could depend on this,” he concluded.