A panel of CIOs and CISOs at a recent Computing event discuss their biggest fears, with organised crime and DDoS attacks topping the pile
Cyber crime and DDoS attacks top the list of concerns among IT leaders
Organised crime is going to hit the financial sector hard soon, according to one security expert speaking at a recent event from V3's sister title Computing.
Speaking at the Cybersecurity Strategy Briefing, Sam Wilson, account manager at Darktrace, explained that organisations in the financial sector are more at risk of some types of attack.
"They get targeted in some ways more as the potential payoff in the financial sector is high. Organised crime will hit the sector hard soon," said Wilson.
Also speaking as part of the panel was Kevin Flood, information risk and security consultant (supply chain), at Prudential Assurance. He said that his chief concern is around data breaches.
"My biggest fear is personal data breaches," said Flood. "But I'm also worried about losing information like our intellectual property [IP]. We have lots of IP around our actuarial activities. And the risk of reputational damage is very real for us. We need to maintain a trusted brand."
Jonathan Kidd, CISO at Hargreaves Lansdown said that he sees attacks increasing in frequency.
"We've got over £70bn in assets, so we're a big target. We see a greater frequency and probability of attack today than ever before. Cyber crime exists to make money, and it's easier to get money through a rich target with lots of points you can attack, for example one which has lots of customers."
He added that the risks of being attacked by a Distributed Denial of Service (DDoS) are also concerning. In this type of attack, a website is bombarded with requests to the extent that it can no longer respond to genuine customer enquiries. The perpetrators then often contact the business in an attempt to extort money, before they end the attack.
"Some organisations are attacked by DDoS extortion campaigns. If our platform is attacked, it might reduce the liklihood of us taking revenue, but it's also a reputational issue," Kidd explained.
However, he added that it's something his organisation has suffered before, and that he had defences already in place.
"We've invested in protection against those risks. We suffered an extortion campaign in the past, and we were not willing to just pay. We usually try to collabrate with our peers to see if they've experienced similar attacks, and we collaborate with the UK government, and with the CISP [Syber Security information Sharing Partnership] to see if they know about it."