BIoT Canada

PwC says cybercrime affects almost a third of all organizations

September 18, 2018  

Print this page

According to the PwC Global Economic Crime Report, cybercrime is now the second most reported economic crime, affecting 31%. The percentage is high, the firm says, and if cybersecurity doesn’t become a priority in business, it will certainly get higher.

In the report, PwC outlines three key areas that need to be addressed and offers advice on how to go about fixing the problem.

Lack of Policies that Prevent Most Common Threats: The first and most apparent vulnerability in any system relates to security fundamentals. Today, every company needs a cybersecurity policy to set security standards. Specific, well-established practices such as Bring Your Own Device (BYOD) have proven risky and need to be strictly governed. According to the 2018 Verizon Mobile Security Index, 74% of businesses say that their mobile security risks have gone up in the past year. Therefore, if you haven’t set strict security standards for your employees to follow, it’s time to start.

Reactive Mindset: Due to resource constraints, many organizations will do only the bare minimum when it comes to cybersecurity. However, in this day and age, covering the basics is not enough. Waiting for an attack to happen and then reacting is a sure-fire way for you to be much worse off when everything is over than if you had taken proper steps to protect your assets.

While having a reaction plan in place is generally considered good practice, that can’t be the extent of your cybersecurity solutions. Considering how fast cybersecurity threats are evolving, investing in proactive security solutions is quickly becoming a must for businesses.

The Human Factor: According to Experian’s 2018 Managing Insider Risk Through Training and Culture Report, 66% of surveyed professionals felt that employees posed the greatest vulnerability when it came to cyberthreats.

“This isn’t unexpected, considering that the human factor is usually the weakest link in any security system,” said PwC. “While training can help to eliminate the most common causes of human error in cybersecurity, described as “general carelessness,” it isn’t enough.

“When you take into consideration the fact that a majority of organizations face phishing email attacks frequently, the scope of the problem falls into perspective. Even when employees are rigorously trained, mistakes happen. All it takes is one careless reaction to a suspicious e-mail.”