24 Feb, 2016
Kuala Lumpur, Malaysia, 22 February 2016, (Bernama) — A new report from ACCA (the Association of Chartered Certified Accountants) claims self-interest rather than regulation is the future of cybersecurity because technology is evolving at such a rate that any legislation would be out of date before it is signed in to law.
Constant Forward Motion: The evolving phenomenon of cybersecurity regulation and the race to keep up examines the growing threat to businesses and the problems lawmakers have because of the pace of technological evolution.
Jason Piper, ACCA head of business law, said: “We’ve seen many times over the past five years or so how much reputational damage a data breach can do to a large firm. Customers and potential customers are likely to think very carefully about their involvement with a company if they have had a data breach.
“Because of the nature of cybersecurity, we believe that authorities and governments would be best placed using their resources to raise awareness among businesses and to put resources in to creating mechanisms to catch perpetrators. Businesses have to take the lead; they need to be aware of the value of the data they hold, the value in protecting it, and the damage that can be done if they fail to do so.”
The importance of data was explored in ACCA’s report, as data is being used in all sorts of ways – for example to predict purchasing and money transfer patterns – where criminals can use this information to commit fraud.
“A basic rule of thumb is that if there is value in the data to a criminal then there is value in protecting it. And because data is digital it can be replicated over and over again, potentially before the businesses is even aware,” said Piper.
“The big question for authorities is; how do you regulate? Is it better to prescribe hard law or soft law? Both have advantages and disadvantages but ultimately the problem that lawmakers have is that anything they pass into law is likely to be archaic very quickly and they could spend the whole time ‘running to catch up’.”
Piper stressed the role that large organisations play in cybersecurity, saying: “Most criminals will look for the weakest link in the supply chain as a point to access data. This will usually be the smaller businesses, as they have fewer resources. The larger companies in the chain can support the small ones by providing guidance and expertise. This would be of benefit to the whole chain, as once a criminal has access to one area they will be able to infiltrate the entire chain – causing more damage, both financial and reputational.”
The report also looks at other threats to cybersecurity and how technology means that data thefts don’t always have to involve the internet. Physical devices can be used to collect information from ATM cards, electronic tills and card readers for future use, without the need for any direct internet involvement.
Employees are also a major threat to a company’s cybersecurity. It is likely that in every data breach an employee will be involved whether directly or indirectly and whether knowingly or unwittingly.
Piper concludes: “Employee involvement in data breaches demonstrates the need for increased knowledge and awareness amongst all in the company. Everyone has a role to play in the protection of data.”
The full report can be downloaded from bit.ly/ACCAreport_cybersecurity
ACCA (the Association of Chartered Certified Accountants) is the global body for professional accountants with 178,000 members and 455,000 students in 181 countries worldwide. www.accaglobal.com