Cyber-security suffers from poor implementation of best practices, a problem that can be addressed by automating certain services and setting aside money to hire skilled cyber-security talent, says Kelly Bissell, MD of Global Accenture Security.
Bissell believes end-to-end cyber-security needs to be implemented by businesses to deter increasing cyber-attacks.
In an interview given to The Economic Times, Bissell said that end-to-end cyber-security isn't present in most businesses, and that the reasons behind this are the lack of funds available to smaller businesses, a lack of skilled cyber-security talent and poor implementation of biometrics.
Highlighting that cyber-security is not a technology risk but a business risk, he said that boards should discuss and implement tough cyber-security standards so that repeated incidents of cyber-attacks do not cause potential loss of business and financial loss. This is especially significant since the GDPR, which will take effect from next year, will impose fines of either 4% of a company's annual worldwide turnover or €20 million, whichever is higher, if the company fails to secure confidential customer data from cyber-attacks.
Thanks to the new rules, the total costs incurred by such firms because of their failure to protect customer data may go up to £122bn from a mere £1.4bn in 2015. The message behind the new regulations is for large firms to either pull up their socks or face impending financial ruin and loss of face.
Bissell also bemoaned the fact that biometrics have not been satisfactorily implemented across businesses. "I believe biometrics is much more secure than user ID and passwords because it's super easy to crack passwords. Biometrics has a layer of complexity and unique identification. But then again, no technology will be very secure if you don’t implement it well. It's not the technology's fault; it's how one uses it and deploys it that matters," he said.
Commenting on why small businesses cannot implement modern cyber-security standards due to lack of funds, Bissell said that such firms can address that by automating certain repetitive tasks and saving funds to upskill employees dealing with cyber-security. He added that small firms are often in a rush to introduce new goods or services in the market, and as such do not pay much attention to cyber-security.
Recently, Robert O’Brien, CEO of MetaCompliance, said that severe penalties imposed by the upcoming GDPR could potentially end businesses or cause “severe financial consequences.” Noting that the number of businesses victimised by cyber-crime has doubled in a year, he added that an alarmingly large number of Scottish firms are still not aware of the ills of cyber-attacks and how such events could affect their fortunes.
“The number of businesses affected in the UK has almost doubled in a year. The surge of attacks highlights the startling threat to the business community and the alarming potential for floods of personal details to fall into the hands of thieves,” he said.