Cyber crime and the challenges it proposes
With a myriad of local data breaches, cyber extortion and even still, ransomware, businesses are either being crippled financially or facing reputational harm or in many cases, both.
On face value, it may be accepted by an individual or organisation that they have put adequate preventative measures in place such as installing an antivirus or changing their passwords regularly, even following strict protocols with backing up data. However this is simply not enough.
But why?
In a perfect world, businesses, regardless of size, should have every threat vector, such as their endpoints, mobile devices, mail and networks, monitored 24/7/365 by a team of security specialists, either outsourced or in-house. Such security specialists would include personnel who would run a security operations center with security incidents and events management, so that in the event a business is compromised by a threat, they are able to identify, isolate and remediate. To put it simply, this would be the equivalent of driving your vehicle every day, with a mechanic in the back seat, listening, watching and ready to repair in the event that something goes wrong.
However, we do not live in a perfect world and in many instances, companies are forced to prioritise their day to day focus and expenditure on their primary operations.
One of the main challenges is the lack of cyber security skills that plague IT managers, IT service providers and even CIO’s. The reason behind this is that many of these individuals are generalists when it comes to their knowledge and services within an organisation. In most cases, these individuals spend most of their time ensuring that the day-to-day operation of the business regarding the IT, is running smoothly.
As a result, they are not always able to understand the outputs of security solutions, nor are they able to simultaneously configure these solutions correctly in a way that suits the operations of the business while protecting it. This in some cases, renders solutions such as firewalls almost ineffective in performing the task for which they were designed.
Another challenge is that many of these solutions are expensive and having them managed by specialists (a necessity) makes it even more costly. This is increasingly difficult for smaller entities with limited budgets to acquire even just a few of the necessary cyber security solutions.
The increase in remote working has posed another challenge for organisations. Remote workers are exchanging valuable business data and operating outside of their business network, leaving them even more vulnerable to threats.
Therefore, in addition to the many cyberthreats that are prevalent in the world, organisations are faced with the larger problem of being unable to afford the acquisition of necessary security solutions. In the event they procure even just a few solutions, they are challenged by being unable to utilise these solutions correctly. If they may have been able to acquire security solutions and configure them properly, their business can still be vulnerable as a result of the increase in remote working employees.
Given that phishing attacks are one of the leading causes of data breaches, it is imperative that businesses do not forget that their employees are also part of the front line of defence. Ensuring that employees are given adequate and regular training on phishing emails, and even conducting simulated phishing attacks, can certainly protect businesses against these dangerous attacks.
With the above in mind, it is clear that the purchase of a cyber insurance policy should be at the forefront of any businesses agenda, regardless of their industry or size. Simply put, if an organisation has laptops/PC’s and connects to the internet for the purposes of conducting their business, it is essential to start seriously considering this policy.
Photo by Markus Spiske on Unsplash article from camargue.co.za