Talking today the London Conference on Cyberspace, hosted by the Foreign & Commonwealth Office, William Beer, a director in PwC’s cyber and information security practice, said that the cybersecurity industry is in freefall.
According to Beer, operating securely in the cyber environment is among the most urgent issues facing business and government leaders today. But, he argues, many organizations have a long way to go if they are to combat the incredible resourcefulness and ability of the attackers.
The criminals, he explained, are nimble and quick on their feet, and this a fast-paced battle. Despite the growing threat, leaders continue to focus on exploiting the opportunities of cyber and are ignoring the risks.
“Cybersecurity is no longer only in the realm of the CISO or the head of IT, it is up to senior leaders to put this at the top of their agenda and collaborate more closely with other organizations. Public-private organizations, industry bodies and regulators all have a role to play. The message is clear - no organization in any sector is safe”, he said.
Ed Gibson, a director in PwC's US forensics practice - and a former FBI Special Agent and chief cyber security advisor for Microsoft UK – echoed Beer's comments, noting there has been a shift in the last couple of years.
Gibson, who spoke along similar lines at the Counter-Terror Expo in London in the spring of this year, says that organizations are facing advanced persistent threats and attacks, the scale and nature of which are unprecedented.
“Hackers used to be the prime source but now we are seeing large groups of highly organised criminals and even countries, sometimes using hackers as part of their operations”, he said, adding that the principle of `information is power’ has gained even deeper resonance.
“With so much more data to store, access and analyse companies know that information is now a greater source of power than ever - but only if it is secure”, he explained.
To help public and private sector organizations transform their mindset and their capabilities to address the growing threat, Beer says there are six key steps that organizations can take to make themselves cyber-ready:
Clarify roles and responsibilities
Reassess the security function’s fitness and readiness for the cyber world
Achieve 360-degree situational awareness
Create a cyber incident response team
Nurture and share skills
Take a more active and transparent stance towards threats
According to PwC, the unpredictable and high-profile nature of cyber threats tends to engender a defensive mindset. But a number of cyber-savvy organizations are now getting onto the front foot by adopting a more active stance towards attackers, pursuing them more actively through legal means, and communicating more publicly about their cyber-threats, incidents and responses.
By taking a more active stance, PwC argues that the organization can show that it takes attacks seriously and will strive to bring offenders to justice.