Firms must think smarter about cyber threats

Businesses in the UK are more aware of cyber threats but are still not doing enough to ensure their data is protected.

A report released by KPMG suggests that businesses lack the intelligence they need to deal with the cyber threat as well as they could, and are subsequently a long way from fully protecting themselves from risks.

KPMG’s Data Loss barometer shows that the hacking of information held by businesses has jumped globally from only eight per cent of total loss incidents in 2010 to 52 per cent in 2012.

Malcolm Marshall, KPMG partner and head of the firm’s Information Protection & Business Resilience team, said that the increased awareness of cyber crime is definitely a good thing. However, he warned that the focus now needs to change to putting in place intelligence management processes to gain real value from what they know.

“It’s the absolute minimum required to instil confidence amongst board members,” he said.

The KPMG report also suggested that the best way to fight cyber crime is to take a three-pronged approach. This involves developing an intelligence-led mindset, implementing a model based on those seen in the intelligence community and creating a decision-making process based on the information gathered.

It says that businesses would do well to follow the example followed by law enforcement agencies by thinking smart. This means time can be saved as organisations do not need to save and sort through all data, only the information that is likely to provide viable insights.

By setting the parameters of a search, firms can avoid wasting time on a haphazard approach.

“No organisation can dedicate resources to counter every threat.  With limited public funding, law enforcement agencies have learned hard lessons in how to prioritise threats and allocate resources. Cyber threats are no different,” said Mr Marshall.

"Just as law enforcement agencies use intelligence to protect the public, organisations should be doing the same to protect information assets, customer data and, ultimately, shareholder value."