No institution is safe from pandemic of cybercriminal attack
Cybercrime is clearly rising. Publications have for months been filled with reports of ransomware attacks on healthcare facilities and malicious hacks of large financial institutions and critical infrastructure.
With recent government cybersecurity regulations, there is a clear indication of a proliferation of cybercriminal activity in SA, from which no industry or organisation is immune.
Research by analytical firm KuppingerCole reveals that cyberattacks globally rose 238% during the pandemic, with remote working contributing to this figure. In the study, 70% of office workers admitted to using office devices for personal tasks. Almost a third let other people use their work device. About 71% of employees surveyed say they now access more company data more often from home than before the pandemic.
Inappropriate use of IT resources is a leading cause of data breaches, says a Kaspersky report. Human error, insecure remote networks and risky employee behaviour open the door wider for cybercriminals to find vulnerabilities.
Gone are the days when organisations can assume they will not be a target.
Once an organisation has been a victim of cybercrime, the costs of investigation of an attack, repairing and restoring systems and networks and implementing increased security measures quickly add up. In late 2013, US retailer Target had a data breach in which hackers stole data from up to 40-million credit and debit cards of shoppers during the holiday season. The company says the breach cost it altogether $202m (almost R3bn), and led to a fall in Target’s stock price and its CEO resigning.
Losses are not only financial. One compromising breach can tarnish a company’s reputation, which may have taken years to build. Regaining consumer trust and loyalty can be far more difficult than recouping monetary damages in the wake of a cyberattack.
MORE OPPORTUNISTIC
Most such attacks are attempts to gain money and sensitive information, but there is also a more sinister threat if critical infrastructure is infiltrated.
At several water-treatment plants in the US attackers have reportedly gained access to operational controls to poison water for public consumption.
Expand this scenario to other municipal services, power suppliers, transport and information networks and the fallout can be catastrophic. Cybercriminals are becoming more opportunistic, and more ubiquitous as organisations move away from traditional perimeter-based networks in a remote working environment. Organisations must thus re-evaluate their risk profiles as a priority.
There is no single solution to ensure protection across distributed networks, but taking a layered approach to cybersecurity can be an effective defence tactic in the complex threat landscape.
This means using technology to protect separate entry points such as e-mail gateways or password protection on devices, and not only relying solely on traditional perimeter defences and firewalls. Security controls must be monitored, software updated and legacy systems upgraded constantly.
DEEPER UNDERSTANDING
Implementing new technologies that use cloud hosting and artificial intelligence can assist IT resources in the rapid detection and mitigation of threats.
But security technology alone is not enough. Integral to a layered security approach is the people factor. Employees can be the first line of defence in reducing the risk of an attack.
Organisations should put guidelines and processes in place to create a security culture. This includes better password management, introducing policies on managing sensitive data and training programmes on cybersecurity awareness.
Through this synergy between technology, people and processes it is apparent that cybersecurity is not just the remit of the chief information officer and IT department. Everyone has a responsibility to avert the risk of a cyberattack.
While employees can be active threat defenders, at an executive level a deeper understanding of networks and systems and data protection can lead to effective investment and implementation of cybersecurity strategies across an entire organisation.
A trusted cybersecurity provider can help organisations understand the cybersecurity environment, advise on best practices, and offer solutions based on differing needs.
In the threat landscape the question of a cyberattack taking place is not if but when.
The challenge for organisations is to improve their security awareness and engage with security technology and practices at all levels. Without doing this, a cyberattack may extend beyond business to society at large, with severe, irrevocable consequences.