Entrepreneurs need to be sceptical about their interactions with other companies in a cyber security landscape that’s failed to protect small businesses and consumers.
That’s the view of information security expert Jaya Baloo, who yesterday delivered a stinging rebuke of lawmaker efforts to deal with a surge of cyber crime internationally in recent years.
“We’ve made it nearly impossible for people to do well being online,” Baloo said.
“We haven’t made it very transparent, and we haven’t educated people along the way.”
The chief information security officer of Netherlands-based telecommunications giant KPN, Baloo was in Australia speaking at Xero’s annual conference in Brisbane this week.
As the digital economy has grown around the world since the dawn of the internet in the early-1980s, so too have rates of cyber crime.
It’s an underbelly of the information age that’s expected to become a $6 trillion industry by 2021, according to Cyber Security ventures.
In Australia, scams are a $532 million annual problem, according to the ACCC, which last year tracked $4.5 million in losses across over 3,000 small businesses.
The rise has prompted local cyber security experts to call for tougher privacy laws to compel companies to do a better job protecting data, amid concern an increased number of data leaks is fueling cyber crime.
Referencing reports that North Korea was linked to the infamous WannaCry Malware attack in 2017, Baloo said while small businesses can take steps to deal with individual hackers, the situation was quickly evolving beyond that.
“Kim Jong-Un is the OG hacker,” Baloo said.
“He managed to net $2 billion to support and fund his literal nuclear arms race by turning to cyber crime.
“The question is, what do you have to protect, and who are you trying to protect it from?
“If you’re trying to protect against the average ransomware guy, there are things you can do as a small business owner to stop them.
“If the problem is Kim Jong-Un sized, good luck with that,” Baloo said.
— Sam Rotberg (@samrotberg) September 5, 2019
Baloo said entrepreneurs looking to protect themselves and their businesses should be proactive about developing cyber security policies within their organisations.
KPN has recently published a free online resource with best-practice cyber compliance policies for businesses to use, available on GitHub.
But ultimately, Baloo says large telecommunications companies and regulators around the world are going to have to do the heavy lifting to risks like ransomware and denial of service attacks.
“The majority of the issues we have now in cyber security are fixable through technology,” Baloo said.
“But we have a bit of a prisoners dilemma in that everyone needs to work together, and we don’t.”
“We need some degree of government intervention to force compliance across the board.”
Matthew Elmas travelled to Xerocon 2019 as a guest of Xero.