Earlier this year, the largest cyber attack in history hit tens of thousands of computers in more than 100 countries. In the UK, several hospitals had to relocate emergency patients when doctors were unable to retrieve patient records from the NHS system. Sujata Jaffer, looks at how you can protect your business from attacks.
Conducted using ransomware, a malicious code used to hijack data, the attack illustrates a growing trend. Unlike other malware attacks, the motive of ransomware is purely monetary.
More recently, the Petya ransomware attack crippled firms initially in Ukraine, the UK, Spain, Russia and India, with security experts expecting it to lead to even more widespread attacks in the future. This attack used a new ransomware variant, dubbed XData, believed to be spreading faster than WannaCry, which has already affected hundreds of thousands of businesses worldwide.
The internet has become the most crucial infrastructure for most businesses around the globe, making us more and more technologically reliant. With increased connectivity comes unprecedented risk of fraud, theft and abuse.
Information stolen from companies that fall victim to cybercrime is often put up for sale to the highest bidder on the ‘The Dark Web’, a part of the internet used by cybercriminals and accessed using special software. The stolen information is either sold individually or in bulk, and its price is determined by how much value the buyer can obtain from it. Consequently, all companies have a responsibility to put measures in place to keep employee and customer information secure.
Yet many companies are ill-equipped to deal with these emerging cyber security threats and rely on outdated protection strategies, leaving them highly vulnerable. Ransomware and malware are now concepts that all businesses must familiarise themselves with, as incidents of cybercrime continue to increase and fundamentally change the threat landscape.
There is a common misconception that hackers only target large companies. On the contrary, most businesses affected by hackers are small. Personal blogs and company websites are popular targets for hackers looking for an opportunity to spread malicious software or steal information.
So how can you guard against data breaches, mitigate damages and manage cyber risk?
Cyber security should be top of your management agenda. Formal processes need to be implemented in order to identify and prioritise cyber risks and to create mitigation strategies.
First and foremost, companies need to shift from a mindset of ‘IF we are hacked’ to ‘WHEN we are hacked’. The best prepared companies are switching their cyber security strategies from focusing on outright prevention, to implementing techniques to quickly detect breaches and limit the damage once a breach has been confirmed.
The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. Make sure your most valuable information is hidden – even from your own employees. You don’t see bank vaults out on the street – they’re behind checkpoints, cameras and locked doors. Do the same with your data.
Awareness and adherence to local rules and regulations in all areas of operation are also critical. The EU General Data Protection Regulation (GDPR), due to come into effect
in 2018, requires every organisation operating in Europe to abide by a number of regulatory provisions – and this doesn’t just mean companies based in Europe, but also those offering goods or services to EU markets in a way that involves processing any European-owned data. Cyber challenges are global, and each region will have its own regulatory responses.
Above all, remember that the senior management team can’t do everything themselves. Businesses need to build security awareness into their culture by making it part of everyone’s role. Staff throughout the business should be given specific responsibilities and encouraged to speak up if they think something is wrong. If everyone thinks about security, they’ll ask the right questions. For example, staff responsible for recruitment might consider how much a planted employee could steal. They might then be proactive and help ensure that your business has the right vetting processes in place.
Sujata Jaffer, is the Managing Partner of Nexia SJ Tanzania, a member of Nexia International