Last month, when Australia’s largest private insurance service provider Medibank faced a cyber breach, it exposed the personal and health claims data of the company’s 3.9 million customers. This caused a major shock wave and led businesses and companies alike to prioritise cybersecurity risk management, while the government finally had to get down to revamping cybersecurity regulations. The wake-up call came after the seventh significant cyber-attack seen this year. With 31% of CEOs considering cybersecurity risks among the biggest threats to their business, according to a recent Ernst and Young survey, cybersecurity risk management has gained more importance now than ever before.
And it is not just large conglomerates that are at the receiving end. A recent study shows that 43% of cyber-attacks are aimed at small businesses, of which only 14% are equipped to handle them. Despite the debilitating risks of cyber-attacks, companies are yet to adopt a structured cybersecurity strategy. Those who tried to skimp on it and tried out random hacks ended up with considerable losses: a report by an IT firm shows that 78% of organisations ran at least 10 different solutions, of which 76% suffered data loss, a 25% increase from 2021.
Why it’s necessary to be on guard
In the past year, nearly 40% of traffic on major retailer websites came from bots, often with malicious intent. In the retail industry, as the holiday season approaches, cybersecurity experts warn of the Grinch bots that are known for inventory hoarding, clearing out high-demand items, and making it difficult for consumers to make online purchases.
In this digital age, no business can afford to deal with the downtime, data recovery and loss of reputation that come with exposure to a data breach. But there is a contradiction: half of the organisations globally reserve less than 10% of their overall IT budget for IT security. Keeping this in mind, Alphabet CEO Sundar Pichai last year said the time had come to draft the equivalent of a Geneva Convention for technology to outline international legal standards for an increasingly connected world.
Benefits of cybersecurity risk management
1. Prevent cyber-attacks: An assessment will allow a business leader to know the strengths and loopholes in the system. The risks can be addressed and apt mechanisms to handle them can be put into place to reduce threats from cyber-attacks.
2. Minimise losses: Financial gain is the motive of most attackers. A cyber risk strategy can help to keep losses to a minimum. Complying with regulations related to cyber risk will also help organisations to avoid fines for non-compliance.
3. Earn credibility: Competitive edge today also comes with the trust of clients, and having a sound cybersecurity system that offers a hassle-free safe space for data will seem a more attractive deal for customers.
What to watch out for
Today, the average cost of a cyber-attack exceeds $1.1 million, making risk management a must. The best approach to dealing with a risk is to avoid, transfer, accept, or mitigate it. Here are some of the top security risks that organisations need to be careful about:
1. Coverage despite physical distance
The hybrid and work-from-home models require organisations to tailor their cybersecurity to monitor and protect systems in remote work settings. In the first five months of 2020, more than half a million people were targeted through video conferencing services, and their usernames and passwords were stolen. Cybersecurity experts need to train employees to practise cyber hygiene and safely store data, ensure they check in with the IT team when downloading any new software, and discourage the use of public WiFi, among other precautions.
2. Guarding against ransomware
In 2021, nearly $200,000 was paid on average by firms that were targeted. Despite paying the ransom, only 8% of companies managed to recover their stolen data. Ransomware attacks also leave a stain on an organisation’s credibility. Risk management experts must have a plan to avoid ransomware by patching up old software and installing multi-factor authentication. Separating computer networks could prevent the spread of a virus, and an advanced automated system could neutralise threats in the first place.
3. Personal gadgets at risk
With the phone becoming a one-stop shop for investments, entertainment and office work, reports show that mobile malware is rising. Malware can impersonate the phone apps of employees and ferret away sensitive data like log-in credentials. Organisations must take this territory into account as well. Apart from creating awareness, installing remote management services behind a VPN or blocking employees from visiting certain websites on their work mobile devices could mitigate such risks.
4. Danger behind the Cloud
A report shows that there has been a 150% increase in cloud vulnerabilities. Threats are higher for organisations that are looking to modernise infrastructure. Companies must move fast to migrate to the cloud with stringent security procedures and prepare for new threats. Users can adopt an interconnected security approach that can unite cloud environments in one place, and build a risk management culture among teams.
The fast-growing digital economy needs policing just like any other sector. While Gartner reported that the percentage of boards that consider cybersecurity a business risk has gone up from 58% to 88%, there is still a lot of ground that companies need to cover to ensure their cybersecurity management is up to date and ready to take on the ever-evolving threat factors of today.