Deterring Cybercrime and Cybercriminals with a Multi-Faceted Approach

“Using a multi-step solution to protect your customers and employees from Cybercrime can be more effective than using state-of-the-art technology.”

Cybercrime is a serious crime that is faced by people all around the world every single day. While there are people inside and outside the industry who claim throwing technology at cybercrime will make you safe, that is not an accurate claim. Those allegations are actually completely false. Technology is not the solution to preventing cybercrimes!

Over-dependence on technological solutions to resolve problems with cybercrime has helped it grow and brought us to the current situation: a world where cybercrimes run rampant. During the last 18 months, we have been made aware of some of the most lucrative and devastating attacks throughout the world.

Lucrative for Criminals, Devastating for Victims

These cyber attacks were very lucrative for the perpetrators, enabling them to get considerable financial gain, but at the same time, they were absolutely damaging and devastating for the victims. Some of these attacks were so expansive and damaging that we are still reeling from the damages and after-effects. Many of those suffering from cybercrimes are the better-known companies who have been viewed as industry leaders.

Target and Sony Pictures suffered major blows from hacking, and those are two cases that are still being reported by media around the world. Security experts are still studying those attacks, pointing out how the perpetrators were able to get access, what was accessed by them and how they committed the crime. Of course, they are looking for ways these crimes could have been prevented or avoided altogether.

Despite the Technology, They Still Fell Victim to Cybercrime

You may find it interesting to learn that all of these victims had high-end technology in place. Advanced technology was designed to prevent such infiltrations and incidents; however, it has not proven as effective as believed. These companies had a lot of material to protect, so they literally invested hundreds of thousands of dollars in monitoring systems, firewalls and intrusion detection. Did these things do their job? Well, not as they were intended or expected to. While they may have helped, they absolutely did not stop the attacks. The damage was definitely done.

A digital attack involves a lot of planning and secrecy. It is done over time, sometimes actually taking months or years. These criminals must be patient, looking for weaknesses, mistakes and omissions in digital systems and how they can exploit them for their benefit. Most importantly, a cybercrime is coordinated with other hackers and groups in order to create an atmosphere for them to succeed and maximize their returns, which oftentimes increases the damages for the victims.

It is obvious that we need to change strategy and reorganize and plan more effective tactics! We have to defend against the increased attack surface that organisations now face, often on a daily basis, and against the increased attacks that cloud, mobility, IoT, 3D printing and drones will bring into the business world. While advanced technology is good, it can also be bad at the same time. While the engineers and designers think they know all there is to know about their modern creations, that is not necessarily the case. Cyber criminals are smart. They put time and effort into finding flaws or omissions that will enable them to work their way around the equipment so they can access what they want.

If Technology isn’t the Right Choice, What is the Right Solution?

While there are many solutions out there, unfortunately, none have been proven completely effective. This clearly emphasizes the need to use a holistic approach toward defending ourselves against cybercrime and improving digital security on all levels. While technology is important, it is of no greater significance than the holistic system components. While technology is needed, it should not be viewed as the top rank or the untouchable aspect of your security system.

Your protection should be built on top of the technology. It is the hardware, the software, your applications, your wireless, your VPN and patching that give your protective posture its stability.

Use a Holistic Approach

However, when it comes to proactive and effective protection, technology is not the only answer. We need to have a management component to improve effectiveness and overall results. That management component is designed to look after the policies, procedures and processes that control not only the technology that you deploy, but also your people – your entire team. It is about improving education and training, auditing and reporting, plus overall best practice. Management is all about controlling your business protection.

The third part of a holistic approach to security is adaptability. This is where all of your risk management lives. What are the risks? How do we mitigate them? How do we use those risks to stabilise the business? Adaptability is all about business continuity, disaster recovery, backing up, culture and resilience. It is the systems and processes you have put in place to ensure that if anything does happen then you have a path to recovery.

Stay in Compliance!

The final component of our holistic system is compliance. We need to ensure that we comply with all of the business requirements for our industry, for our country and for ourselves. If we don’t comply with all the requirements, we are putting ourselves, and others, at a greater risk. The goal is to decrease the opportunities for cybercriminals to act. With the proper attention, care and motivation, we can do just that. When we establish rules and regulations, they need to be set for a specific reason and we need to focus on how we will adhere to those guidelines.

Do We Have the Answers?

So you see, technology is not the only answer. We need to combine technology with good management practices. We need to ensure that if something does happen, manmade or natural, we have a way back: we need solutions in place for a rapid recovery and repair.

We also need to make sure we check all of the boxes, not from a compliance level but from a business recovery level. We have seen a number of organisations which have passed a compliance audit but failed when it was put to the test in a real situation. This requires double checking or even triple checking. It is important to make sure that everything works as it should if and when it needs to do its job.

Now is the time to take a stand. We need to take control of our businesses, protect our employees, customers and clients, and come up with an effective solution that keeps cybercriminals at bay. If a cybercriminal does hit, we need to be able to pick up the pieces, limit the damages and get our operation up and going as quickly as possible. Remember, if we can’t completely stop them, we can at least limit the damages. We know technology is not the solution, so why are we not being more proactive and combining forces to come up with the right answers to protect ourselves?

Roger Smith is the CEO of R & I ICT Consulting Services, Amazon #1 selling author on Cybercrime, author of the Digital Security Toolbox and author of the SME Digital Security Framework. Rapid Restart Appliance Creator. He is a Speaker, Author, Teacher and Educator on cybercrime and how to protect yourself from the digital world.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.