Flashcards in ETHICAL SUPPLY CHAIN MANAGEMENT IN FASHION Deck (13)
WHY IS CYBERSECURITY SO IMPORTANT
For the vulnerability of our interconnected global systems to the “butterfly effect” – in chaos theory, the potential for a ripple in one part of the world to be amplified and lead to major disturbances in another – is by no means confined to finance. Increased mobility and population density has exacerbated the threat of a global pandemic. The virtual integration of global society and business over the internet has created a new threat of collapse due to cyber attacks or failures in the infrastructure. Meanwhile, rapid integration of the global economy is leading to rising greenhouse gas emissions, with the potential to trigger catastrophic climate change on the other side of our planet.
GOLDIN AND MARIATHASAN - THE BUTTERFLY DEFECT.
TALK ABOUT HOW INFORMATION IS A KEY RESOURCE
- TITANS, GOOGLE, APPLE, AMAZON ARE COMPLETELY RELIANT ON DATA.
We have transformed from an economy of atoms to an economy of bits. Industrial age manufacturers such as GM motors are not the economic powerhouses they used to be.
DISCUSS THE COST OF CYBER ATTACKS
New research from Grant Thornton reveals that cyber attacks are taking a serious toll on business, with the total cost of attacks globally estimated to be at least US$315bn over the past 12 months. The Grant Thornton International Business Report (IBR), a global survey of 2,500 business leaders in 35 economies, reveals that more than one in six businesses surveyed faced a cyber attack in the past year. With high-profile security breaches and hacks becoming more prevalent, nearly half of firms are putting themselves in the firing line with no comprehensive strategy to prevent digital crime.
According to the IBR, 15% of businesses say they have faced a cyber attack in the past year. Businesses in the EU (19%) and North America (18%) have been most heavily targeted. However, no region has been immune. The Australian Cyber Security Centre recently raised concerns about the level of attacks there, while hacks into customer databases affected the Planned Parenthood Federation of America. Regionally, cyber attacks are estimated to have cost Asia Pacific businesses $81bn in the past 12 months, while firms in the EU ($62bn) and North America ($61bn) are also counting the significant cost of attacks.
In Telstra’s recent Cyber Security report, data shows that 59% of Asian organizations experienced a business-interrupting security breach at least once a month. This comes down to the increase in digitization across the board. As we move towards digitization, the number and type of devices requiring enhanced security measures increase too. Mobiles, tablets, wearables and Internet of Things (IoT) enabled devices all fall short in the traditional approach of securing network perimeters by a firewall. Additionally, new technologies such as artificial intelligence and machine learning are providing attackers with enhanced tools for more complex attacks.
(Telstra Cyber security report, 2017)
CYBERSPACE AS A GLOBAL COMMON
Global commons is a term typically used to describe international, supranational, and global resource domains in which common-pool resources are found. Global commons include the earth's shared natural resources, such as the high oceans, the atmosphere and outer space.
“The global commons can be defined as those areas that are not under any national jurisdiction or sovereignty and that are potentially accessible to any and all actors, be they states, non-state, or individuals.”
“The Cyberspace domain, however, is also very different from the traditional global commons. The established domains are physical, whereas Cyberspace is also virtual. By definition the global commons are not owned, whereas the man-made components that comprise in their totality the infrastructure that generates Cyberspace are owned, albeit by a very disparate and large group.”
CYBERSECURITY IS IMMATURE
COST FOR INTERNATIONAL BUSINESSES
High-profile US retailers Target and Home Depot were among many organizations that lost customer data and credit card information. In other companies, cyber criminals stole money from accounts, carried out industrial espionage and in some cases even took over company systems and demanded ransom money to unlock them.
DISCUSS THE TYPES OF CYBERATTACKS
Cyber attacks fall into two broad categories: breaches in data security and sabotage. Personal data, intellectual property, trade secrets and information relating to bids, mergers and prices are tempting targets for a data security breach. Sabotage can take the form of denial of service attacks, which flood web services with bogus messages, as well as more conventional efforts to disable systems and infrastructure.
In addition to commercial losses and public relations problems, disruption of operations and the possibility of extortion, cyber attacks may also expose an organization to regulatory action, negligence claims, the inability to meet contractual obligations and a damaging loss of trust among customers and suppliers.
A significant proportion of cyber crime also goes undetected, particularly industrial espionage where access to confidential documents and data is difficult to spot. There is a danger that a business might trade at a disadvantage for months or even years as a result of a continuing, but undetected, security breach.
"Criminals operate across borders, so must companies and the experts that assist them, including their lawyers," says Bertrand Liard, a Paris-based partner at White & Case. "Responding to cyber attacks requires both a global vision and a fine knowledge of local regulations and law enforcement agencies."
North Korean attack on Sony in 2015 resulted in 10 NK organisations being sanctioned by US.
LONDON (Reuters) - A global “ransomware” attack disrupting factories, hospitals, shops and schools spurred investors on Monday to buy stocks expected to benefit from a pickup in cyber security spending by companies and government agencies.
The cyber attack began spreading across the globe on Friday and by Monday had infected 300,000 computers in more than 150 countries.
“These attacks help focus the minds of chief technology officers across corporations to make sure security protocols are up to date, and you often see bookings growth at cyber security companies as a result,” said Neil Campling, head of technology research at Northern Trust.
DISCUSS HOW IT IS ONLY SET TO INCREASE
Technical innovation throws up new online dangers. For example, the migration of data to third-party cloud providers has created a centralization of data and therefore more opportunities for criminals to misappropriate critical information from a single target attack. Similarly, the emphasis on mobile services has opened up corporate systems to more users—multiplying the opportunities to penetrate security measures.
Applications that involve the collection and analysis of data in large quantities—so-called Big Data—put additional pressure on security managers. Mountains of sensitive data about buyer decisions, their habits and other personal information must be kept safe, but until recently security was not a top priority in systems handling Big Data.
The development of an Internet of Things, which enables communication between machines, raises the possibility of appliances being manipulated by hackers. The widespread use of machine-to-machine (M2M) communication is only likely to boost the possibility of information misuse.
Much of the world's critical infrastructure, controlling services such as power generation, transport and utilities, already depends on M2M. Protecting the networks that carry the communications that control these services is vital, especially since decision making is often done without human involvement.
NOT ENOUGH PEOPLE FOCUSED ON SECURITY
There just aren’t enough people focused on security. The core challenge isn’t a lack of raw talent. We’ve got nearly six million software-related professionals in the U.S. according to the Bureau of Labor Statistics. But fewer than 89 thousand, or just 1.5%, are cybersecurity specialists. That’s translated into more than 270,000 unfilled security-related IT jobs in the U.S. alone. And that shortage is part of the reason that security-related professionals are among some of the highest paid in the development field.
STRUGGLE FOR SMEs
The deluge of cyber-attack stories in the news is becoming commonplace. Recorded cyber crime cost the UK economy £10.9bn in 2015/16; and unreported crime could cost magnitudes more. For small businesses alone, the average cost per attack is around £3,000.
Fortunately, the level of attention criminals are paying to cyber crime is more than matched by those fighting against them. But for SMEs with limited budgets, securing themselves can be a tricky job.
The risks remain the same of course: DDoS attacks, ransomware, phishing scams or data dumping can lead to a loss of trust or even fines for data breaches – both of which can close companies for good.
INSIDERS ACTUALLY POSE BIGGEST THREAT
The role that insiders play in the vulnerability of all sizes of corporations is massive and growing. In the 2016 Cyber Security Intelligence Index, IBM found that 60% of all attacks were carried out by insiders. Of these attacks, three-quarters involved malicious intent, and one-quarter involved inadvertent actors. IBM Security research also found that health care, manufacturing, and financial services are the top three industries under attack, due to their personal data, intellectual property and physical inventory, and massive financial assets, respectively. However, while industries and sectors differ substantially in the value and volume of their assets and in the technology infrastructures they have to manage and defend, what all businesses have in common is people — all of whom have the potential to be an insider threat.
The most dangerous aspect of insider threats is the fact that the access and activities are coming from trusted systems, and thus will fly below the radar of many detection technologies. Particularly in the latter two categories, malicious actors can erase evidence of their activities and presence to further complicate forensic investigations.
Based on the success of these types of attacks, they seem to represent a perfect crime. And in some organizations the challenge of identifying these rogue elements has resulted in attempts at “zero trust” environments. But security teams have another formidable adversary: reality. While restrictive security policies may seem to be a valid strategy, they impede productivity, hamper innovation, and frustrate users.
Fortunately, analytics and the rise of artificial intelligence make spotting potential insider threats easier and less intrusive. However, even with advances in technology, managers need to be aware of what to look for and how to focus their security efforts to get the greatest returns on protection:
This nasty bug was actually discovered (and reportedly utilized) by the NSA, who referred to it as EternalBlue. It went public when Wikileaks published information obtained by the Shadowbrokers hacking group.
In the strict sense, EternalBlue already was malware... it just wasn't the kind that was ever likely to be used against the general public. Once its code had been revealed, however, criminal hackers started working on ways to utilize its extremely advanced abilities to spread their insidious wares.
Those concentrated deployments of vulnerable computers? Many of them are found inside government agencies, banks, hospitals, telecom providers, manufacturers and universities. WannaCry didn't discriminate.
It crippled Britain's National Health Service and disrupted surgeries. It also hit hospitals and health authorities in Canada, Colombia, Indonesia, and Slovakia. It infested government offices in Kerala, India, Russia's Ministry of Internal Affairs and the Romanian Ministry of Foreign Affairs. Major corporations including FedEx, Hitachi, Nissan and Sandvik were hit.
With so many high-profile victims and remediation costs potentially climbing to billions of dollars, malware outbreaks don't get much more serious than WannaCry.
COMPLICATION: BUSINESS IS LESS SPACE BOUND THAN EVER
“The ability to use mobile technology to work remotely is a powerful motivator for staff. Consultancy firm PwC found this year that employees offered the ability to work from home were 48pc more likely to rate their job satisfaction as 10/10.” (2016)