Six key considerations in cyber security in 2019
Companies are gradually realising the risk of losing clients if they do not improve their cyber security.
When WannaCry ransomware infected over 200,000 computers in 150 countries in May 2017, people around the world sat up. The ransomware encrypted personal files and demanded payment of $300 in the cryptocurrency Bitcoin to decrypt them.
Affected machines included computers at hospitals in the United Kingdom, the national railways in Germany and a mobile operator in Spain. In Slovakia, only the hospital in Nitra reported infected computers.
“Even today, this type of cyber attack is not rare. Another case is an incident from mid-March – one of the world's biggest aluminium producers was hit by a ransomware attack,” recalled Pavol Adamec, Risk Consulting Executive Director, KPMG in Slovakia.
The company had to move to ‘manual production’, which means it operated factories without modern information technology.
The Norwegian aluminium company still warns on its website that hackers may try to take advantage of the current situation and contact its partners under a fake identity. This may be an attempt to spread the virus further or to deceive its customers, suppliers or other partners. Moreover, the company has suffered significant financial damage – experts estimated the incident had cost the company around 35 million EUR.
Cyber security remains one of the most resonant topics of 2019 – not only from the point of view of C-level executives; the public also perceives the issue as substantial.
“It is a natural development of the increasing sophistication and volume of cyber security threats and attackers, rapid technology changes, the continued move to automated and cloud-based services and changing data privacy regulations. Companies therefore seize opportunities to transform their security, privacy and continuity controls in order to eliminate the consequences of cyber attacks and grow their businesses,” stated Adamec.
KPMG specialists identify six cyber security priorities and opportunities for companies for this year and beyond.
1. Next generation of cyber professionals
It won’t be a surprise to any IT leader that there is a skills shortage: 65 per cent are reporting a lack of skills holding back their strategies – the highest we have recorded since 2008. The results are based on the KPMG CIO survey 2018. Difficulty in hiring qualified labour has been the main headwind of businesses in Slovakia. There continues to be a dearth of adequately trained, appropriately skilled personnel to protect vital processes, intellectual property and sensitive data at numerous organizations across virtually every industry. Companies therefore should focus on recruiting new talent out of college and developing bespoke training programs to build the next generation of cyber professionals.
2. Fight Artificial Intelligence with Artificial Intelligence
Artificial Intelligence (AI) is a powerful weapon in the attacker’s and cyber team’s arsenal. In today’s arms race the advantage goes to the attacker. The defender has to be good everywhere. The attacker only has to be good at the spot where they are attacking. Cyber attackers are increasingly likely to employ AI, using deep learning and machine learning to make malware and targeted attacks more effective and harder to detect. Organizations should also use these tools to help identify security incidents and assess vulnerabilities across the system.
3. Sustainable Data Privacy Compliance as competitive edge
In an age when proprietary and customer data are a company’s most valuable assets, getting the privacy strategy right can give an organization a competitive edge. Companies should move beyond compliance to ensure data privacy processes are a component of business models. The KPMG Consumer Loss Barometer Survey has revealed an alarming finding – 71 percent of consumers are more concerned about retailers misusing their personal information than information being taken by hackers (68 percent). This highlights a societal lack of trust in business that organizations must address. Organizations must chart a plan that encompasses not only the immediate regulatory challenges, but also a shifting regulatory climate and consumer expectations of greater individual control of data.
4. The intersection of fraud risk and cyber risk
Companies in all sectors are getting away from a one-size-fits-all security model—it’s just not sustainable in today’s environment. From an enterprise perspective, and in terms of collecting and leveraging client data, fraud prevention and cyber security are converging. In 2019 and beyond, fraud and cyber should command equal attention from a security perspective, and new and enhanced strategies for collecting and using client data should be developed. The KPMG Consumer Loss Barometer Survey has uncovered that almost half (48 percent) of consumers believe their financial institutions have full or joint responsibility for ensuring that mobile devices used for banking are secure. Regardless of whether financial institutions see it as their responsibility, they need to show they take the security of their customers’ personal information seriously.
5. A step-up in authentication can be a win-win
In 2019, a move away from passwords is expected. Not only are people simply tired of them, but weak passwords are often the source of a lot of identity theft. Companies are getting to a point where they are going to have to be much more aggressive about employing advanced authentication methods, such as touch or face ID or voice recognition, to replace passwords. Companies should give serious consideration to trading passwords for biometric-enabled apps. Identity and access management is evolving from a security tool to a business enabler as companies seek to use technologies that provide a secure customer-centric digital experience that can be personalized across multiple channels and devices. Innovative methods of identity verification are being developed primarily in the financial sector. Banks can attract more customers thanks to advanced authentication methods.
6. Phishing – A Return to Old School Attack Methods
Attackers use phishing emails in an attempt to gain sensitive or confidential information such as usernames, passwords, credit card information, network credentials, and more. Slovak banks in particular are frequent targets for phishers. Financial institutions therefore regularly inform clients about potential phishing threats. Attackers are continuing to target the weakest link, and that is often the user sitting behind the computer. It may sound somewhat old school from a cyber perspective, but despite the growing sophistication of today’s attack methods, phishing remains one of the toughest threats to defend against. No organization has the ability to defend all vectors consistently. When it comes to phishing, there is no perfect tool, no perfect monitoring platform that is going to defend your network at all times. Companies have to be both analytical and agile as they work to identify attack patterns.