By Safi Raza, Director of Cybersecurity, Fusion Risk Management
If there was ever a year for an organization to ensure its cybersecurity was robustly planned, prepared and tested, this is it. With the probability of a cyberattack at its highest-ever level, a record number of attacks was recorded in 2021. According to recent Check Point Research, overall attacks per week on its clients' corporate networks grew by 50% in 2021 compared with 2020.
The reputational and financial damage an unexpected cyberattack can inflict is widely recognized, and yet there are multiple examples of companies that have fallen short of appropriate cyber protection. One example is computer hardware giant Acer, which suffered a security breach that resulted in it having to pay a record-breaking $50m USD. The cybercriminal group REvil went on to leak stolen data online. Also, when Microsoft’s Exchange Server was attacked in March 2021, it affected millions of Microsoft clients, with 60,000 private companies disrupted in the US alone, as well as nine government agencies.
Cybersecurity burnout is one of the many reasons for lapses, with low morale among cybersecurity professionals at an all-time high, and pandemic-induced employee turnover becoming more common, according to the Chartered Institute of Information Security (research here: https://bit.ly/3CrNFMK). The current conflict in Ukraine further heightens the risk of cyberattacks, and now is the time for all organizations to review their cybersecurity policy and processes to ensure they are robust and resilient enough to prevent cyberattacks and avoid any disruption to business operations.
Building resilience and trust through better cyber-hygiene
Cyber hygiene is one aspect of a strong and resilient cybersecurity policy that is vital if businesses hope to counter attacks that could leave them exposed to financial losses. Insurance underwriters are clear that businesses must do everything they can to mitigate the risk of those losses or potentially leave themselves “uninsurable.”
A range of technology capabilities is now available, and a combination of different options should be employed for the most effective cyber security. These options could include the integration of AI, machine and deep learning systems, all of which can help protect the data security chain in a more reliable way than human beings can. Antivirus/malware software, firewalls, regular updates of apps, web browsers and operating systems can all contribute to good cyber-hygiene.
The best cyber-security solution should also include disaster recovery or business continuity planning that outlines how the organization could recover from any cyber-attacks. Preventative methods are also critical, such as educating employees and providing specialist training so that they remain vigilant and attentive to potential IT security issues within the organization.
Investment in the future
Heads of businesses should evaluate every aspect of their current cyber security frameworks, and understand fully where their weak spots are and what risk level they bring with them.
This increased requirement for enhanced protection will require investment to ensure security and future resilience – and this is the time for organizations to spend more than ever on cyber security. Next generation firewalls or Firewall as a Service (FWaaS) have helped create stronger defenses, which has led to the nature of attacks changing. Phishing attacks have increased by 110% year on year (according to the FBI), and phishing is one of the main threats that will need to be addressed. Even the most sophisticated anti-phishing programs are unable to defend in the way that they should, with many phishing emails able to get through IT security walls, presenting a real and dangerous threat.
As well as financial investment, organizations must invest so that security can be updated and kept in check on a regular basis. This will require a culture shift as security takes more of a central role, including frequent interactive cyber security simulations and skill sharing events. Employees must be embedded within an organization’s security culture and feel ready to report anything they notice to the IT teams, allowing them to then investigate and mitigate any risks.
The importance of immediate action
Operational resilience is key for any organization’s future success, and there is no room for complacency. Hackers and cybercriminals constantly adapt their methods and will happily exploit any vulnerability, so companies must be alert to new technology to protect themselves and help build and safeguard customer trust. It’s essential to implement this protection now to ensure your business is prepared for inevitable future disruption and is able to do business as usual in the event of the unexpected. Those businesses that take immediate action will be in the best position for future success. Ongoing readiness will translate into resilience, and those organizations that can ensure their operational resilience will continue to deliver on their brand promise – no matter what disruption they may face.
About the Author
Safi Raza, who has more than 15 years’ experience in information security, is Director of Cybersecurity at Fusion Risk Management. Prior to joining Fusion, Safi spent 14 years at Rosenthal Collins Group, where he spent eight years in training and six years in information security. Safi was responsible for overseeing the e-Trading Services Department, where he helped introduce, adapt and support new and improved trading technologies.