Brace for the future

From scaling up to Brexit, businesses can’t afford to ignore the challenges that fast-paced technological and regulatory change bring with them

As businesses become increasingly reliant on data and online platforms, they are also becoming increasingly concerned about cybercrime. And they are right to do so. According to IBM’s 2016 Cyber Security Intelligence Index, the average client organisation monitored experienced around 53 million security ‘events’ in the course of 2015, with 1,157 direct ‘attacks’ (defined by the report as “malicious activity that is attempting to collect, disrupt, deny, degrade or destroy information system resources or the information itself”). The five worst-hit industries were, in descending order: healthcare, manufacturing, financial services, government agencies and transportation.

Worryingly, the most likely culprit for your organisation’s next attack is someone you thought you could trust, be it an employee, contractor or consultant. Insider attacks still pose the most significant single thereat to businesses around the world, accounting for 60 percent of all attacks.

The majority of these breaches involve the use of viruses, spyware and malware – all methods that, given the right technology, can be prevented. As the threat of cyberattacks continues, businesses must take concrete steps to protect the integrity of their IT infrastructure.

Fortunately, leading firms are now waking up to the threat. According to the UK Government’s Cyber Governance Health Check, half of FTSE 350 companies regard the risk of cyberattack as the key threat facing their business. This is an increase of 29 percent on reported concerns in 2014.

Firms must take every possible step to safeguard against their vulnerabilities. Each business’ needs will be different, and their attackers agendas varied. As the authors of the IBM report pointed out: “While financial gain is still a powerful motivator for cyber criminals, it’s by no means the only one. Last year’s attackers branched out in a big way – inflicting physical damage, stealing intellectual property and lodging political protests.” Traditional security defences will not stand up to this onslaught, particularly as disruptive technologies bring new and unpredictable vulnerabilities.

Although the figures are startling, the news is not all bad. IBM reported its client business had seen a significant reduction in events and attacks from the previous year, while the rate of discovery had increased, demonstrating that – with the right support – businesses can still turn the tide.

Brexit bother In 2015, the European Commission’s arm concerning banking and finance released its newest directive covering online payment services. Known as PSD2, it will bring a number of changes to the way online payment services for businesses operate within the EU. And the ramifications could be huge.

Under the directive, online retailers will be able to ask consumers for permission to use their bank details, meaning retailers could receive payments directly from the customer’s account. Instead of payment intermediaries, transactions will be carried out via APIs. The new regulation will also result in the introduction of ‘account information service providers’, or AISPs, which will allow users to view all of their banking information – even if dispersed between different accounts – through one single portal.

While this added convenience will be a boon to consumers, it will be a bit more worrying for banks, who will need to decide what role they can play in this new payments ecosystem. It could be an opportunity for financial institutions to reinvent themselves, but that would be very expensive at a time when their existing revenue streams will be reduced and a whole new wave of fintech competitors will be entering the market.

The outcome of the directive will be particularly unclear for businesses operating in the UK, which voted to leave the EU back in June 2016 – particularly as, at the time of writing, the exact nature of the country’s exit remains unclear. If the UK leaves the European Union but remains a part of the European Economic Area, the country will still be subject to many single market regulations, and the PSD2 regulation changes will probably be implemented along the same lines as if the UK were still a member of the EU (assuming it does not exercise its right within the EEA to unilaterally place a stop break on the policy). Indeed, implementation of the new regulations should actually be easier in the UK than in many full member states, as the country is already ahead in terms of data sharing due to the UK Open Data Initiative.

Most frequently occurring incident categories

2015

37%

Unauthorised access

20%

Malicious code

20%

Sustained probe/scan

11%

Suspicious activity

8%

Access or credentials abuse

2014

45%

Unauthorised access

29%

Malicious code

16%

Sustained probe/scan

6%

Suspicious activity

3%

Access or credentials abuse

Mountains of data Regardless of what these regulations actually mean or how and where they will be enforced, basic technological shifts mean businesses everywhere will need to make sense of vast and growing volumes of data. Everything from internet search engines to water bottles is generating data these days, but it is estimated 80 percent of the world’s data is unstructured. Identifying the important parts of this huge dark data pool – and any patterns and insights that can be discerned from it – is an ongoing endeavour. Thankfully, a host of new technologies, such as cognitive computing and APIs, are on hand to help. With the right tools, this challenge can become an opportunity.

But the simple generation of that data will also place greater costs on firms. Even companies that would not consider themselves particularly data-focused will have to deal with increasing amounts of data, as they inevitably pivot further towards online platforms in our increasingly digital age. All this will require scaling up of data storage and processing. Essentially, the challenge will be ensuring that the most cost-efficient method of storage and the best computational resources are used. Indeed, in the changing digital environment businesses are set to face constant regulatory and technological challenges. To stand any chance of holding at bay these unrelenting assaults, businesses will need powerful, specialised allies to guide them, allowing them to keep their eyes on the prize of transformation.