Cyber-attacks are set to grow in number and nature, and companies that embed security measures into their culture will be most successful at fending them off according to Grant Thornton.

The firm’s global leader for forensic & investigation services Paul Jacobs has examined the cyber-threats faced by businesses today, and ways to counter them. Richard Ratcliffe, a director of Grant Thornton in the Isle of Man, said it is vital the advice is carefully considered.

He said: ‘As Paul explains, the stereotype of cyber-criminals as shady-looking young men in hoodies hunched over laptops in dark corners couldn’t be further from the truth. Today’s cyber-attackers have evolved into organised, skilful, extremely agile profit-driven businesses that usually operate internationally.

‘Grant Thornton research suggests cyber-crime is costing companies more than $300 billion a year globally, and the Isle of Man is not immune. In fact, many Island firms rely very heavily on online communication to transact international business and could therefore be vulnerable to these sophisticated criminal attacks. That makes it even more important that any Isle of Man company which is serious about security reads Paul’s recommendations and follows his advice.’

Paul reveals cyber-criminals are increasingly using underground supply chains to develop, distribute and deploy customised malware to carry out attacks. Financial gain is the chief motive, but hackers have launched attacks for other reasons such as the apparent ‘moral imperative’ which drove the targeting of extra-marital affair website Ashley Madison and attempts to steal intellectual property.

Regardless of motive, Paul says, cyber-crime is predicted to grow in volume and level of sophistication. The response of international governments to the threat has been generally ‘slow and inadequate’, he says, although positive action has been taken by some countries.

However, fighting cyber-criminals cannot just be left to governments and regulators, and many companies are also failing to act. Paul warns that not strengthening cyber-defences can be costly and can threaten the survival of a business due to the reputational damage and loss of trust suffered when systems are breached.

Despite these risks, Grant Thornton research found that 52% of firms have no comprehensive strategy in place to prevent cyber-crime, and that lack of experience and awareness of the importance of cyber-security at board and senior management level is the main reason why it goes unaddressed. Paul says some companies often think they aren’t vulnerable to attack because they have “nothing worth stealing”. It is also felt other priorities take over in the current tough economic climate.

According to Paul, defence strategies that work are built around three pillars; people, processes and technology. Organisations that get it right educate their people to be their first line of defence, building a culture of security awareness. The first step is to tailor a cyber-security strategy by identifying priorities for protection through a risk assessment and gap analysis. There must then be continual reassessment to ensure that the right areas of an organisation are always protected, and consistent monitoring of strategy effectiveness.

Overall responsibility must lie with the board, the CEO and heads of business, but everyone across the organisation should understand their role in making their firm cyber-secure.

Paul concludes: ‘Effective policies and strategies embed cyber-security within the business success metrics of an organisation. That contributes towards a culture in which everyone takes the issue seriously at all times and shares ownership. At that point, when cyber-security is not seen as a one-off project but part of “business as usual”, companies might be able to rest a little easier about the circling cyber-threats.’

Visit www.grantthornton.global/en/insights/growthiq/cybersecurity/ to read Paul Jacobs’s full article How to be cyber-secure.

Photo - Richard Ratcliffe, Grant Thornton Isle of Man.