Chaminuka Provincial Newspapers

Cybersecurity critical for all organizations

The computerised world calls for organisations, be they small or large, to employ cybersecurity strategies to counter the new and emerging risks that come with Internet connectivity, which exposes them to hacking.

Cybercrime is becoming big business, and cyber risk is a focus of organisations and governments globally. Monetary and reputational risks are high if organisations do not invest in cybersecurity.

The latest Hiscox Cyber Readiness Report 2023 reveals that cyber-attacks targeting smaller businesses have increased over the past four years, reaching as high as 36 percent.

According to Statista, the manufacturing sector experienced the greatest proportion of cyber-attacks compared to other industries in 2022, closely followed by finance and insurance. Recent cases have involved thefts of sensitive information, resulting in financial losses for affected companies.

Cybersecurity encompasses a body of technologies, processes, structures, and practices used to protect networks, computers, programs, and data from unauthorised access or damage. There is the risk that a hacker might obtain sensitive information such as bank account or credit card details.

Each month high-profile security breaches impacting individual data are reported countrywide.

Loss of customer data may result in legal or regulatory action against the organisation.

Organisations might also be subjected to significant penalties and/or legal action arising from breaches of the privacy laws in many jurisdictions.

The most recent and alarming aspect of cybersecurity that causes considerable problems for organisations is ransomware. Reports indicate that ransomware campaigns have adopted commercially focused business models.

In many cases, a piece of malware is disguised and embedded within another type of document, waiting only to be executed by the target user. Upon execution, the malware may encrypt the organisation’s data with a secret 2,048-bit encryption key, or communicate with a centralised command and control server to await instructions from the adversary.

Once infected, the individual’s or organisation’s data remains inaccessible because it has been encrypted with the attacker’s encryption key. Once all accessible data is encrypted, including backup data and systems, the organisation is instructed on how to pay a ransom within days; otherwise the adversary will destroy the encryption key and the data will be lost.

The adversary literally holds the data to ransom, hence the name ransomware.

The encryption key is strong enough that cracking it instead of paying the ransom is uneconomic. Some estimate that an average desktop computer would take five quadrillion years to decrypt the data without the key.

In some cases, the target organisation can hope that researchers have discovered a way to decrypt the data based on a design flaw in the ransomware. Otherwise, the organisation will have to restore its systems and data from a safe backup or consider paying the ransom. Keep in mind that even data restoration does not eliminate the risk that the ransomware will be re-enabled or return, because the integrity of the environment has been compromised.

A cybersecurity governance and risk management programme should be established. Cybersecurity risk needs to be treated by owners and directors as a significant business risk, on the same level as compliance, operational, financial and reputational risks, with suitable measurement criteria and with results monitored and managed.

I encourage organisations and individuals to develop an understanding of how to manage cybersecurity risk to systems, people, assets, data and capabilities.

In a nutshell, they must develop and implement appropriate safeguards to ensure delivery of critical services; develop and implement appropriate activities to identify the occurrence of a cybersecurity event; and develop and implement appropriate activities to take action regarding a detected cybersecurity incident.

Firewalls are software or hardware designed to protect the organisation’s systems from attack by people accessing them via internal or external communication links.

Malware/spyware and web proxy protection solutions protect the system from software code that may arrive through pop-up windows or have more insidious intent, such as logging usernames and passwords for fraudulent purposes.

Anti-spam software protects email inboxes from being clogged by unwanted broadcast email. Anti-phishing software, on the other hand, protects users from websites designed to capture user information that can then be used for fraudulent purposes.

All of these are mandatory for any well-managed system that follows a defence in depth strategy.