Firms responsible for managing data need to understand the value of the data they hold and have the tools and technology to know if something’s happening and contain it, says PwC’s Cyber Security partner Dr Richard Horne.
Prior to his appointment at PwC in October 2013, Horne served for 12 years as director of Electronic Protection and COO for global IT operations at Barclays, and spent a year on secondment to the Cabinet Office to help shape the UK’s national cybersecurity plan across government and the economy. He has represented the UK on security matters at the OECD, the European Commission and the ISO.
Horne told today’s IIEA Cybersecurity Conference that hackers often don’t bother attacking banks because the security is tougher, but look for lower hanging-fruit elsewhere.
He also reminded delegates that hackers are willing to do their research and will pull at threads until they find a way in, through email, for example.
Balacing tactics with strategy
In one case, an attempted attack was foiled because a number of people on a series of emails knew each other and spotted unusual activity and did not respond to what could have looked like usual business email.
“Businesses need to make strategic decisions that protect their business. How can security issues undermine strategic decisions? These need to be factored in early on.
“You need to understand what it is you hold and what you do that could be a target. Incidents will happen and there’s no way in cybersecurity you are going to stop being breached.
“The big part is having the monitoring to know when things happen, contain them and stop them happening.”