Firms need to proactively protect themselves from cyberthreats
KUCHING: Businesses need to ensure they proactively take steps to protect themselves from cybersecurity threats both within and outside of the organisation.
As cyberattacks are becoming more and more sophisticated, cybercrime has evolved to become a multi-billion black market industry. Research firm Gartner has estimated that cybercrime cost businesses globally approximately US$76.9 billion in 2015 alone.
The Asia Pacific region has not been spared from these threats as 2016 has seen a spate of high-profile cyber incidents in the region such as the US$81 million Bangladesh bank hack and large-scale DDoS attacks in Singapore.
Nick FitzGerald, a senior research fellow with ESET, an IT securities solution prodicer, said traditional criminal tactics such as spam have evolved alongside the changing habits of internet users, targeting where they spend the most time.
“In Malaysia – and the rest of Asia – a top threat faced by both consumers and businesses has been ransomware, with CyberSecurity Malaysia raising a national alert on the matter,” he said in a recent interview with The Borneo Post.
“Without proper safeguards against these threats – such as sound backup strategies – businesses could potentially be crippled as they have no choice but to pay the ransom demanded to retrieve their data. Even in cases where data is returned upon paying the ransom, businesses can be marked out as weak targets, and may be exploited again in future attacks.
“Businesses that fall prey to these attacks face losses both financially and through negative impact on reputation and trust. As such, it is imperative that any businesses that have yet to implement a cybersecurity strategy that includes sound protocols and safeguards, make it a top priority for 2017.
As cyberattacks have begun dominating headlines in recent years, Fitzgerald said businesses too have begun waking up to the reality of these threats, and are taking steps to address their concerns.
Technology Business Research expects the Asia Pacific to be responsible for over 20 per cent of spending on security solutions, estimated to be a US$71 billion market by 2020.
“However, increased budgeting on cybersecurity solutions alone is not the answer,” he highlighted. “Companies need to understand that cybercriminals are adaptive, and move quickly to exploit any new behaviours and trends presented by the user landscape.
“Business leaders need to understand that a cyber breach has consequences that reach far beyond just data loss, to long-term legal and financial issues. For example, the 2014 Sony hack did not just cause direct financial losses and hits on its reputation, it also opened the company up to a multi-million dollar class action lawsuit.
“Similarly, the confirmation of two massive data breaches in recent months also cast a shadow on the Yahoo-Verizon acquisition, with Verizon renegotiating prices following the disclosure of the second hacking.
“With such severe, and lasting, repercussions, it is essential that company executives recognise that cybersecurity must become part of the boardroom agenda to protect their company’s valuable data and corporate integrity.”
To ensure their business-critical data is secure, Fitzgerald called on businessesn to ensure they proactively take steps to protect themselves from threats both within and outside of the organisation.
“A key part of any cybersecurity strategy for businesses would be to employ a strong, industry-accredited solution. These solutions should offer advanced capabilities such as 2-factor authentication and data encryption,” he advised.
“In addition, businesses should also make sure they have a robust backup strategy and recovery mechanisms in place, so as to minimise the threat posed by ransomware, or even natural disasters, to long-term business continuity.
“One often overlooked but significant aspect of security is the threat posed by insiders. IBM’s 2016 Cyber Security Intelligence Index found that 60 per cent of all attacks, both malicious and accidental, were carried out by insiders.
“This finding further emphasises the need for companies to have regular education and training efforts on security issues for their own employees to be able to effectively protect their data.”