The technology evolution of the early 1990s gave rise to the designation of a CIO being created. It’s not that before the development of the designated post, the responsibility was not carried out with the same importance, but technology and IT was gaining such momentum and cybercrimes were rising; it prompted other C level executives to give due importance to a post that represented the business’s IT estate through the eyes and ears of a subject matter expert.
CIOs of organizations have had their work cut out for them ever since the coinage of their designation. They have been at the forefront of implementing cybersecurity laws and practices that are in the interest of the business and their customers.
With a Juniper Research report estimating the total cost of cybercrimes to reach $2.1 trillion by 2019, CIOs cannot risk dropping the ball in regard to the security and safety of their businesses’ IT estates.
CIOs of organizations have filed petitions and are strongly crusading for better and more vigilant cybersecurity laws. Despite the thorough implementation of the existing cyberlaws and security practices, cybercriminals have found loopholes in the systems and have managed to raise the total cost of data breaches from $3.52 million in 2014 to $3.79 million in 2015. This year has also seen its share of infamous cyberattacks across the globe.
Infamous cases of cybersecurity breaches in 2016
Accounts of more than 20,000 Tesco Bank customers were breached and money was stolen from them in November 2016 in the UK, causing the organization to stop all of its online operations for the time being. The bank went on record to say that the capital lost due to this breach would be borne by the bank.
Adrian Davis, Managing director for EMEA, said, “Business leaders have not realized just how much their organizations have changed in the digital age and how this is leaving them vulnerable.”
The Financial Industry Regulatory Authority (FINRA) asked Lincoln Financial Securities Corp. (LFS) to pay a $650,000 fine earlier this week. Hackers attacked a cloud based server of LFS and stole confidential information, which included Social Security Numbers, of over 5,400 customers in 2012. FINRA also strongly advised the company to implement stringent cybersecurity protocols.
Meanwhile, 3.2 million debit cards that were being used in the Indian economy were compromised in late October this year. Several users reported unauthorized usage that was traced back to China to their respective banks and financial institutions. A report by The Economic Times predicts that nearly 26 lakh cards have to be replaced. However, the most alarming fact is that it took the banks and financial organizations a long time to trace back and identify the cyberbreach.
Promising uncompromised security
Organizations are making every effort to ensure that the highest data security is provided to their customers. Further to that, organizations are asking their customers to bear some of the burden of higher security measures by adding further layers of security to the existing protocols. This is causing the quality of digital experiences to fall. A McKinsey survey goes on to highlight that a customer has to deal with an average of 14 passwords; which means with the added security layers, businesses are adding to the complexity of the authentification process.
Another McKinsey report records that business leaders are aware of the impact that technological developments could have on their business. Cybersecurity is being labeled as the biggest concern for leading firms across the globe. Some businesses believe that cybersecurity is likely to have a negative impact on business, while others disagree by saying that cybersecurity will lead to positive business impacts.
The report claims that 33 percent of Indian executives believe that cybersecurity will have a positive effect on their business and the economy at large.
Five cyberlaws and practices that will pique your interest
To understand the effects of cybersecurity, it is prudent to be abreast with some unconventional practices and cybersecurity laws that are prevalent across the globe. Here are five cybersecurity practices and laws that will pique your interest.
1. Bounty hunters
According to the latest edition of the Bugcrowd report issued in June, 2016 it’s not the tech companies that are enthusiastic about launching a bug bounty program, but businesses from the retail, finance and banking industries that are running them. Social Media giant Facebook has a very active bug bounty program through which it has already paid over $1 million to researchers in over 51 countries.
The Cybersecurity Act of 2015 encourages the private sector and the U.S. government to collaborate with each other to curb the cybersecurity threats.
2. The Queen’s Verdict
In May 2015, owing to the growing concerns of cybersecurity and cyber terrorism, the Queen announced that the most egregious digital criminals – ones that cause significant damage to people’s lives or national security – will be handed the life sentence. According to a report by Forbes, Nigeria had reworded its cybersecurity law to make it more comprehensible. The report said, “any attack on critical national infrastructure that causes a death will be punished by hanging.”
3. Safeguard one’s well-being
A SANS Institute report of February 2014 recorded that 94 percent of healthcare organizations have been the victim of a cyberattack. Medical devices and infrastructure that are connected through the Internet of Things (IoT) are subject to attacks. In order to protect such devices, there have been various standards that have been set-up and are being maintained to ensure the safety and security of patients and medical facilities. The Health Exchange Security and Transparency Act is the latest addition made to the set of laws that cover cyberattacks in the field of healthcare and medicine.
4. A new high in the dark
The Economist has reported over $50 million worth of transactions being traded in the Dark Net Markets through Bitcoins. However, a report by The Indian Express goes on to highlight the efforts made by The Narcotics Control Bureau to curb such activities in India. The NCB successfully interdicted two such groups who were trying to operate in the country.
5. Chinese whispers
On November 7, China announced a new version of cybersecurity laws that cover data localization, surveillance, and authentic details requirements. Users will have to reveal their real identity to use messaging services, and businesses have to adhere to practices of mandatory in-country storage. China has taken this bold move despite discouragement from its global advisors.
In an interview with The Guardian, Rogier Creemers, a researcher in the law and governance of China at Leiden University in the Netherlands, said, “China’s government has come to recognize that cyberspace immediately and profoundly impacts on many if not all aspects of national security”.
Organizations need to continuously reassess the cyberthreats and vulnerabilities and re-align their cybersecurity practices accordingly. Security compliance and ease of use need to work in tandem with each other. The negative sentiments of businesses with respect to cyberlaws need to change. Cyberlaws are almost a means to an end, hopefully giving us what we are all after: a safe and secure environment to operate and function in.
About the Author
Lucjan Zaborowski is the Head of Digital for 1E. He is also an experienced marketer and Project Manager with a solid understanding of digital acquisition and optimization, product marketing and program management. He has over six years of experience in multi-channel digital acquisition. He is keen to learn and stay up to date with the latest marketing trends.