Speakers on City Week’s ‘Managing the latest cyber security risks’ panel agreed that companies need to take a “when not if” approach to their cyber attack preparations.
One panellist advised companies to think about resilience from a new angle. Cyber attacks are inevitable — “you can’t stop everything from happening,” but impacts can be minimised through planning. Firms need to have responses in place for when attacks occur, rather than only working on preventative measures.
She stated that cybersecurity is a “team sport” requiring the cross-industry and whole-organisation engagement, and highlighted the importance of the cybersecurity measures that a company’s supply chain are taking, with cybercriminals targeting weak points to reach larger targets.
Carsten Maple, professor of cyber systems engineering at the University of Warwick's Cyber Security Centre, added that as the world becomes increasingly connected the risk of cyber attacks has increased. Companies can suffer directly or as collateral, with financial services often targeted in order to disrupt critical national infrastructures (CNIs).
One speaker predicted future attacks to be aimed at areas that do not yet appear critical, and agreed that with increased interconnectedness comes increased risk.
Bob Wigley, chairman of UK Finance, drew attention to the importance of cross-industry collaboration when it comes to combating cyber attacks. The financial sector cyber collaboration centre is one such mechanism in place to facilitate this, bringing together UK banks to manage incidents and minimise impacts.
One speaker observed that “the Venn diagram of state activity and crime group interests” has merged, with crime groups now a way for governments to attack foreign countries. Cyber attacks can have wide-reaching impacts, from personal defraudment to CNI disruption and cyber warfare.
Maple warned that one of the major challenges that is struggling to be met is the application of AI, which is already allowing criminals to conduct more efficient reconnaissance for targeted attacks. Further, quantum computing, is also something that the industry should be preparing for, he added.
Cyber attacks should not be seen exclusively as a problem for IT departments to solve, stated Wigley, advising that in order to improve their security, firms need to take people, processes and technology into consideration.
Another panellist stated that although cybercrime happens digitally, it is “fundamentally an analogue problem. People steal things — and that won’t change anytime soon.” As such, cybercrime is an inevitability, not a possibility, the panellists agreed, with moderator Robert Jones concluding that “dishonesty is dishonesty, regardless of the platform.”