Global cyber security attacks up 25%

SINGAPORE - Cyber security attacks have risen by 25 per cent around the world in the past 12 months as hackers find firewalls and other forms of protection increasingly easy to overcome.

The costs arising from these attacks have also shot up, by more than 18 per cent in the same period, according to a survey by consulting firm PricewaterhouseCoopers (PwC). These costs include investigations, managing notifications to regulators, customers and consumers and funding litigation.

The findings are from an online survey that received 9,600 responses from senior executives across the world between February and April.

PwC risk assurance partner Mark Jansen said during a briefing in Singapore last Thursday that the survey also showed that the number of organisations that did not know they had been hacked has doubled in the past 24 months.

"Organisations must keep pace with security activities like continually checking and monitoring to make sure that what they have in place is up-to-date and still working," added the Singapore-based Mr Jansen.

Intruders are not only looking to attack information technology infrastructure, but also targeting people such as employees, business partners and suppliers. Staff postings on social networks, for example, can unwittingly provide information to intruders.

"Innocuous information can be gathered from several areas and pieced together by hackers," Mr Jansen warned.

Allowing employees to use their personal smartphones and tablets to access corporate information is proving another chink in the security armour, as they often do not have security software on their devices.

Last week, Standard Chartered Bank revealed that the February bank statements of 647 of its private banking clients had been stolen from a server at Fuji Xerox, which the bank had hired to print the statements.

Police found the statements on the laptop of James Raj Arokiasamy, the alleged hacker behind "The Messiah" pseudonym who has been charged with hacking a town council website. It is not clear how the documents were stolen from the server and how they landed on James Raj's laptop.

Outsourcing is a valid business model that generates cost savings and operational efficiency, said Mr Jansen. However, outsourcing companies must be carefully managed for security. "Accountability cannot be outsourced. Organisations must conduct regular reviews and monitoring of their outsourcing partner's security efforts."

Cyber security has to be holistic, he said. Organisations must know who are the people working for them - in their own companies and those they have outsourced work to.

He added: "Behavioural profiling, looking at who is accessing information, the frequency of access, type of information exported and other activities, gives organisations an idea of who is doing what to their corporate data. If they spot something unusual, they can take action."

Get a copy of The Straits Times or go to straitstimes.com for more stories.