Governments are taking international cyber crime more seriously; for example the recently published Intelligence and Security Committee 2011-2012 Annual report in the UK acknowledges the importance in tackling cyber crime.
The objective being for the UK to tackle cyber crime and be one of the most secure places in the world to do business in cyber space. The US government has conducted outreach to the private sector to educate businesses on the dangers of cyber-enabled economic espionage.
Cyber crime is relevant for any business, but as businesses expand globally and are more likely to come into contact with local business cultures, regulation and legislation, there is an increasing need for deeper understanding of the global cyber crime landscape and its impact on business. As businesses expand into Asia, those challenges change.
One example of this is the need to protect intellectual property. Cyber criminals today are, for the most part, focused on acquiring company data. Some sectors are under persistent threat of attempts to gain access to this data – though most attacks remain indiscriminate.
This is true of any business whatever its location, but expanding businesses also have to consider two additional things in protecting data: where is the data; and how important is it? Different countries will have different laws relating to that data and security measures may need to be adapted accordingly.
Businesses also have a resourcing issue - few organisations have the ability to hire security experts quickly to match rapid business expansion. IT expertise tends to be centralised, so what about the company that opens an office in Asia but whose IT staff and expertise is in Europe?
Expertise must be drawn in from multiple sources to cover all aspects of security, including an awareness of threats unique to that country or region. But this does not mean a reliance on partners - businesses must challenge their providers, ask them how security is implemented locally and whether it is appropriate and sufficient. This must be considered country by country.
Security is a process, not an objective, the process of certifications such as ISO 27001 provides a useful framework for this. A solid and thorough process should be the foundation of any security approach for a business expanding into new markets. This will ensure things such as internal and external threats are considered.
Global companies need to look ahead at how they can protect against these attacks. A holistic and forward looking view will take local regulation as well as local and global threats into account, and ensure the business has the security expertise it needs to protect their data against cyber crime.
Tom Homer is CEO of Telstra Global EMEA