The growing necessity for building strong cybersecurity
Cybercrime is becoming a major problem for organizations around the world. In the UAE, nearly DH 4 billion was lost to cybercrime in 2017. According to Telecommunications Regulations Authority, the number of cyber-attacks against websites in the UAE during the first seven months of 2018 totaled to 274.
The increasing use of digital platforms raises the possibility of cyber scams and frauds. When we look, most of the cybersecurity attacks are because of failure to update, misconfiguration or the lack of security training and awareness. Most of the cybersecurity attacks an organization faces are things like Trojans, ransomware, phishing, viruses.
According to 2017 Norton Cyber Security Insights Report, the most common cyber-crimes experienced by consumers globally included
Most common access points from which cyber-attacks are possible include,
IoT (Internet of Things) – These days most organizations are relying on the internet for data access and transfer. However, most of the organization’s staff fail to recognize the danger of not having strong cybersecurity. The use of faulty communication methods or using default password are major factors breaching the privacy of data being accessed or transferred.
- Web attacks and online vulnerabilities – As websites are not being patched and updated regularly, such weak web servers and websites exposes those who visit them. For example, when users download attachments from unknown emails, attackers can exploit the user’s data. Similarly, increasing use of virtual currency like bitcoin is also adding threat to organizations in protecting their financial data secure.
- Smart Devices – To attract more consumers to buy smart devices like mobile phones, tablets etc., manufacturers are tempting their consumers with new technologies which give more efficiency for users by storing all personal data in one place. Hence, smart devices are prone to become the initial target for online criminals. Thus, cybercriminals are concentrating more on such attacks that can extract valuable data or money from victims.
- Computers, cloud and IT infrastructure – IT systems, operating systems, and cloud-based solutions continue to be under threat from malware attacks. Demand for cloud storage for data keeping is increasing day by day. If there are no proper governance procedures being followed by the organization for insecure access, it can be a serious threat to confidential information. There can also be a data loss, theft or system damage if computers and IT infrastructure in an organization are not administered properly.
While it is not possible to predict the number of cyber-crimes, we can assure that it is growing and will continue to be a big challenge for an economy and organizations. This emerging trend in cyber-crime calls for a need for robust cybersecurity practices to be followed. And thus, all businesses are advised to act now, before it’s too late. It is necessary that every organization realizes the importance of cyber security which is an ongoing process and thus creating awareness among everyone. This, in turn, will lead to making organizational data more secure. So how can one prevent such cyber-attacks?
Given below are few cybersecurity practices that every organization must follow,
- Management should develop cybersecurity culture – The protection of a business should be considered as one of the important priority for a business, to protect its highly critical data. It is becoming increasingly important to develop a cyber and information security governance framework because if security measures are not consistent across the company, responsibility gets confusing and motivation among employees is tempered.
- Build a strong cybersecurity policy – A strong cybersecurity policy will act as a set of centralized principles across the company. Although policy can be altered according to the need of different business processes, people and technology. Cybersecurity policy should include various measures to prevent cyber-attacks.
- Comply with industry best practices – Information and cybersecurity best practices such as ISO27001 or COBIT should be considered while drafting cybersecurity policy for the company.
- Authorization and Access – Restrict the access granted to all employees based on their role and designation.
- Regular Backups and patches – Data backup should be thoroughly protected and encrypted along with ensuring the responsibility of data backup is appropriately allocated to several employees. If files are backed up regularly, your system is resistant to ransomware. If systems are updated consistently, new vulnerability patches update will make your system more secure.
- Provide Cyber Security Training – Engage employees with cybersecurity awareness training on regular basis to prevent and reduce cyber-attacks. Social media policies, password policies, email attachment restrictions to cybersecurity training, organizations need to create such awareness among its people.
Along with data privacy security, a focus should also be given to internet security. Such security measures if adopted by organizations will make a positive difference in the overall productivity of an organization.