23 October 2014

Sandeep Jadav, Director of Cybercrime Investigations at professional services firm, EY, discusses why businesses need to change their approach to cyber-attacks.

Widespread media coverage of recent major cyber-attacks have once again captured the public’s attention and brought the risks of cyber-crime to the fore.

Meanwhile the UK Government estimates that IP theft and cyber espionage now costs Britain’s businesses at least

As a result, CEOs and corporate boards now have to prioritise cyber security. Where once the issue was the preserve of the ‘techy’ experts – not always in dialogue with the wider organisation – senior executives now need to understand the significant reputational and financial havoc a cyber-attack can cause.

Across the globe, businesses are now investing in some serious cyber security measures to gold-plate their operations, and are devoting enormous resources to pre-empt threats by harvesting, analysing and evaluating web chatter, something known as ‘Cyber Threat Intelligence’.

And only last month, the UK government announced a , in partnership with the US, encouraging firms to innovate to counter cyber security threats.

This is great, of course, but in reality it only addresses the tip of what is a colossal iceberg. With new threats emerging and evolving on an hourly basis, it’s estimated we will need at least another 500,000 cyber security specialists globally over the next five years to keep pace.

But it’s not just as simple as throwing a few more IT staff at the problem. New resources will require specialised training to ensure they know not only how to look out for and prevent threats, but also how to react in the event of a security breach.

Meanwhile, organisations need a clear strategy to respond to attacks. Staff must understand how to preserve evidence left by the perpetrators. IT staff must also establish contingencies to deliver an instant response to reassure customers and prevent reputational damage.

Given the sheer volume of threats, it’s no longer a case of whether your organisation will be hacked, but when. In the coming years, the real test of businesses’ cyber response will be in their resilience when things go wrong.

Massimo Cotrozzi, Sandeep’s colleague, will join leading experts in cyber resilience for a panel discussion on the key issues in cyber security and fraud risk management, at the University of Edinburgh Business School this week.

Is talent shortage the greatest obstacle to overcome in improving firms’ cyber security? What more should be done to improve businesses’ resilience?

Sandeep Jadav leads the EY team that specialises in the investigation of cybercrime, with specific emphasis on network intrusion, IP theft and software piracy incidents. He has over fourteen years of experience in the industry and has worked alongside some of the top global law firms and investigatory agencies.