Bermuda’s nimble size a plus - cyber expert
PwC: Hacking attacks rose 50% last year
Hacking attacks on computer systems rose by nearly 50 per cent last year to almost 49 million incidents, according to a new report released by financial services firm PwC yesterday.
The report said that an average of 117,339 attacks took place every day last year. And attacks that have cost companies more than $20 million have doubled this year alone.
Garth Calow, PwC Bermuda advisory leader, said: “Strategic security spending demands that businesses identify and invest in cybersecurity practices that are most relevant to today’s advanced attacks.
“It’s critical to fund processes that fully integrate predictive, preventative, detective and incident response capabilities to minimise the impact of these incidents.”
Mr Calow was speaking after PwC US advisory security manager spoke at an event focused on cyber security, organised by computer safety group ISACA.
The conference heard that detected security incidents have increased 66 per cent year over year since 2009 — but that global information security budgets had dropped four per cent on 2013, while security spending as a percentage of IT budgets had remained static at four per cent or less over the last five years.
PwC’s Matt Britten said: “Cyber risks will never be completely eliminated and with the rising tide of cybercrime organisations must remain vigilant and agile in the face of a constantly evolving landscape.
“Organisations must shift from security that focuses on prevention and controls to a risk-based approach that prioritises an organisation’s most valuable assets and its most relevant threats.
“Investing in robust internal security awareness policies and processes will be critical to the ongoing success of any organisation.”
A former White House cyber security expert yesterday said Bermuda was well-placed to protect itself against attacks on computer networks.
Jason Healey, a former US Air Force intelligence officer, added that Bermuda’s small size offered advantages and disadvantages in the battle against cyber crime.
Mr Healey said: “Smaller countries have other advantages — they can be very nimble and can act very quickly.
“Bermuda has a lot of these advantages — and it has lots of friends. Lots of companies that want to make sure the right things happen here. These are excellent advantages.”
Mr Healey explained that the US government saw itself taking a lead role in cyber security — with an emphasis on organisations like the military and the Department of Justice as guardians at the gate.
But Mr Healey called for a “G20 plus 20” — an alliance of the top industrialised nations and major tech companies to take the lead in combating cyber threats.
He said that tech companies were better placed than governments to take the lead on cyber risks — and head the recovery from a major attack on computer networks.
He added: “I suspect the Bermuda Government knows it’s not pulling the strings — you have to have that relationship with the companies that can help.
“I have been very pleased with what I have seen here with all these companies ready to help.”
Mr Healey, now director of the cyber statecraft initiative at the Atlantic Council, was speaking just after discussing cyber threats with industry professionals at a conference organised by the Bermuda arm of computer network security group ISACA at the Royal Hamilton Amateur Dinghy Club.
The address was part of a series of events focusing on computer security held this week.
Mr Healey said: “The way for Bermuda to be on the right side here would be, I would guess, is what is in place.
“Washington DC is absolutely convinced it’s the centre of the world and what it says should be the case.”
He added that the financial sector — which is well-represented on the Island — was a leader in computer security and had a vested interest in maintaining cyber safety.
Mr Healey said: “If the Bermuda Government can stay on that and keep that focus on finance and partnering with the right companies and organisations, I guess all of that is going to serve Bermuda very well.”
Earlier, he told delegates that current cyber risk management was similar to the failed financial risk management in the run-up to the 2008 economic crash.
And he warned that — while individual banks and financial institutions thought they were managing — “there was a lot of ignoring of the inter-connectedness of this risk”.
And he said too many computer security experts thought “it’s all inside their four walls and not looking outside these four walls”.
Mr Healey said: “As we have gone into the cloud, more and more business functions, even critical functions, are being pushed outside the organisation.
“We are relying on others, not just for infrastructure, power and the rest, but to outsource technology.”
“If we had these cyber shocks, it isn’t clear who would be in charge and who would deal with the chaos.”
And he predicted: “I think we will have these disruptions which we will experience like natural disasters.”
Mr Healey added: “If these are going to hit us with increasing frequency, we will not be able to protect our way out of this.”
And he said that the “most successful companies are the ones that have plans for back-up systems in case a major cloud provider was to be hit by a major failure in service.”