Organized crime has now moved into the digital age. It is forecast that the global cost of cybercrime may reach as much as USD 6 trillion annually by 2021. Cybercrime costs include the destruction or alteration of data, the loss of intellectual property, the theft of financial and personal data, fraud, disruptions to normal business activities, forensic investigation costs, systems restoration costs, as well as legal and reputational costs. With cyberattacks becoming increasingly sophisticated and costly, organizations of all types are under growing pressure to reassess their cybersecurity strategies, build resilience, and mitigate the impact of cyber threats.
CYBERSECURITY RISK ASSESSMENT
Specific risk management policies to be adopted by any individual organization would be based upon an identification of the operational functions susceptible to cyber threats, the potential consequences of the threats identified, the need to meet stakeholders’ expectations as well as legal and regulatory requirements. The risk assessment would be performed on a regular basis and kept up to date.
PREVENTING CYBER ATTACKS
Various technological safeguards may be built into the organization’s computer systems to limit cybersecurity risks:
- Application white listing: Maintenance of an index of approved and trusted applications with all non-approved applications precluded from executing. Application white listing technologies may also prevent the running of files that have been modified and tampered with.
- Malware protection and patch management: Installation of up-to-date anti-malware software. Regular updates with the latest security patches.
- Encryption of data: Encryption of sensitive and confidential data when stored or transmitted online.
- Network security: Protection against external threats by means of boundary firewalls and proxy servers.
Additional factors of identification may consist of a code sent in a message to the user’s mobile device, or biometric information such as a fingerprint or iris scan to gain access to devices. Multi-factor authentication is especially recommended for users performing privileged actions, retrieving sensitive data, or accessing the system remotely.
Management of user privileges
Access to the organization’s digital infrastructure would hinge on business needs. Administrative privileges would be based on the users’ duties and would need to be regularly updated and validated. It is strongly recommended not to use privileged accounts for opening emails and browsing the internet.
Proper authorization procedures
To reduce the likelihood of scammers tricking employees, it is good practice to have policies in place so that all requests for the release of potentially sensitive information, for changes to bank accounts and for fund transfers are vetted by designated and authorized persons who have been thoroughly trained to spot the likelihood of malfeasance.
The organization may consider keeping sensitive information on a separate network to limit the possibility of digital infection and data manipulation.
Human security awareness and training
Humans have been the weakest link in cyber defenses. Users would need to be regularly trained and updated in the appropriate protocols for access and use of data, the recognition of phishing and social engineering attacks, the nature of cyber threats, the scope and breadth of data protection laws, and their role in the maintenance of good security practices.
Supply chain due diligence and contingency plans
Due diligence would be performed with a view to limiting cybersecurity risks throughout the supply chain. Third-party suppliers (and in some cases the vendors’ own supply chain) would be regularly assessed for potential cybersecurity issues and to ensure that they continue meeting the organization’s own security standards. For critical suppliers, a contingency plan may need to be established in the event that a cyberattack renders them unable to meet their obligations in time.
DETECTING CYBER ATTACKS
Regular review of bank transactions
Bank accounts would need to be closely monitored for unusual transactions.
The use of advanced analytics allows organizations to speedily identify anomalies, detect unusual activities, and hasten the early identification of cyberattacks in order to enable a swift response to those attacks.
New emerging technologies
New emerging technological products may be used to enhance cyber defenses as well as to manage the costs of discovering cyberattacks:
- Blockchain technology is able to quickly identify and correct data that have been manipulated.
- Endpoint detection and response tools continuously monitor and analyze endpoints and networks in order to readily identify, detect and prevent threats.
- Deception technologies create fake systems imitating the organization’s system. They mislead and attract attackers in order to detect and defeat them.
CORRECTING CYBER ATTACKS
Regular data back-up
Important data, software and configuration settings would be regularly backed up, stored disconnected and retained for an appropriate period of time. The ability to recover data and system availability from recent backups allows some protection from cybersecurity incidents.
Cybersecurity incident response plan
A cybersecurity incident response plan would contain policies and procedures to respond to cyberattacks efficiently and effectively in order to ensure business continuity and resilience, limit damages and liability to the organization, communicate effectively to stakeholders, and meet any legal obligations such as possible data breach notification.
Cybersecurity insurance may assist organizations in mitigating the risks of a cybersecurity event. First-party insurance typically covers damage to digital infrastructure as well as the costs of business interruptions. Third-party insurance normally covers liability, legal costs, customer notification costs, the costs of regulatory investigations and fines.
Cybercrime has now become a major threat for most organizations. Apart from the ever-growing cost of cybersecurity incidents, businesses are increasingly required to demonstrate to their stakeholders, regulators, present and potential business partners their cybersecurity preparedness, and the existence of cybersecurity plans to counter cyber threats. No single risk mitigation strategy is guaranteed to result in complete cybersecurity protection. By proactively implementing a combination of risk mitigation strategies, organizations are better able to reduce the incidence of cybersecurity incidents, manage their possible adverse impacts, and maintain business resilience.
DTOS provides valuable insights and value-added services to businesses with regard to their evolving present and future needs. Should you have any query in relation to the topic covered and require any assistance, please do not hesitate to contact us. We shall be pleased to assist you.