Greg Rammego, Deloitte Forensic Leader & Eric McGee, Deloitte Cyber Leader
As personal, commercial and government activities continue to migrate to the digital realm, so do criminals. Cyber security is increasingly becoming a concern among corporate leadership, including boards of directors, with large-scale cyber-attacks becoming more frequent and more costly for businesses. The rising number and increasing sophistication of cyber-attacks is expanding the market for cyber security services.
Organisations worldwide lose revenue to fraud. Increasingly sophisticated cyber-attacks can catch even well-governed organisations off guard, exposing customers to possible identity theft and fraud as well as threatening the organisation’s reputation, customer base and revenue.
The Association of Certified Fraud Examiners (ACFE) which is the world’s largest anti-fraud organisation – is asking businesses to join the global effort to minimise the impact of fraud by promoting anti-fraud awareness and education during International Fraud Awareness Week, which takes place this year from November 17 to November 23.
In order to detect fraudulent activity, it is imperative that businesses utilise collective intelligence across its full spectrum of processes, applications and infrastructure to identify attacks as early as possible. Once detected a sound incident response process is required.
The incident response lifecycle begins before an incident even occurs. Vigilant businesses should develop a proactive and responsive set of capabilities that allow them to rapidly adapt and respond to cyber incidents and to continue operations with limited impact to the business by developing a strong Cyber Incident Response (CIR) capability. A strong CIR capability can help your business:
- Quickly understand the nature of an attack to help answer and address the questions of what, where, how and how much;
- Minimise the costs associated with data loss in terms of time, resources and diminished customer confidence;
- Introduce a heightened level of management and control which can strengthen your IT and business processes and help your business focus on core activities that deliver value for the enterprise.
The CIR should include a cybercrime forensic investigation plan and contracted capability to determine the nature, extent, means, and origin of an incident with additional support to the organisation in any legal action may need to take as a result of the investigations. The contracted capability should ensure that the collection, processing and analysis of the data/electronic evidence is performed in a defensible manner, it will be permissible in any legal proceeding.
Organisations can no longer rely on passive defences against cyber-attacks. Tapping into collective intelligence and connecting automation and analytics to human judgment can help organisations reduce the risk of a cyber-attack and mitigate the impact of attacks that do occur.