Cyber risks are business risks

March 2018 Information Security

Although most companies have invested in IT security solutions to protect their networks and data, these tend to focus on mitigating the most common threats like viruses and malware and fall short of addressing more sinister risks such as fraud, identity theft and espionage.

These are damaging threats that can put a company’s reputation and business continuity at risk, and can have serious financial implications. It is only when IT security-related risks are considered as business risks that the relevance of addressing them with proactive, strategic and appropriate solutions really becomes apparent – and this has to come from the top.

“Cyber risks should be treated as business risks and should form part of a company’s overall risk management strategy. This has to be a top-down drive; from C-level employees, for whom the cost of a breach or leak is highest, to everyone else in the organisation that has access to information systems,” says Charl Ueckermann, CEO at AVeS Cyber Security.

Cybercrime is burgeoning rapidly, not only in volume, but sophistication as well. While 70% of threats faced by enterprises are known, the other 30% are unknown, advanced threats that traditional signature-based security technologies alone cannot tackle.1

Cybercriminals are also becoming far more discerning and are targeting their attacks. Though more targeted, they often employ basic methods to implement their attacks. These methods can include social engineering, stealing of employee credentials, imitating legitimate software or even using malware covered by a stolen certificate to infiltrate systems. Ransomware, a type of malware that encrypts data and either prevents or limits users from accessing their systems, is typically targeted at C-level employees as well as departments dealing with sensitive information, such as accounts and human resource departments. These types of advanced, targeted cyber incidents are becoming more prevalent – even in South Africa.

“With this in mind, it becomes quite clear that organisations need a multi-disciplinary approach that is aligned with their specific risk management requirements and includes the implementation of appropriate IT security solutions, ongoing monitoring, analysis of IT security intelligence, and employee education. Regardless of how expensive or robust the IT security technologies are, they will not be fully effective unless everybody throughout the enterprise, starting at the top, understands the risks and supports the IT security strategy,” says Ueckermann.

He offers this advice to C-level employees for managing IT security risks to their organisations:

1. Understand that the threat landscape has changed and keeps on changing. With cyber security threats and the associated business risks increasing, treat IT security risks as business risks. Traditional, signature-based security technologies are not enough to address these risks; don’t bring a knife to a gun fight.

2. Be pro-active and prepared to avoid reactive firefighting after a breach or leak. Consult with IT security experts to help identify potential risks and implement the most appropriate and effective solutions to support your risk management strategy.

3. Understand that it is impossible to predict exactly how your systems might be attacked or threatened. You need an adaptive system with machine learning and pattern recognition capabilities, to deal with evolving threats.

4. Aim for machine/man symbiosis; use computers for their strengths, but don’t neglect to leverage the intuition of your people. There are things a computer can do that even the smartest person in the world can’t, but there are things a child can do that a computer cannot.

5. Get expert advice and support to understand, defend and deal with advanced threats like zero-day attacks.

6. Conduct regular vulnerability assessments of your IT infrastructure. This will help you to uncover the loopholes in your organisation’s security architecture and avoid damage that could be caused by cyber-attacks.

7. More than 80% of all cyber incidents are caused by human error.2 Make sure all employees are trained and are informed of risks that can occur. Companies lose money recovering from staff-related incidents, yet education and training programmes intended to prevent these problems are limited, and they usually fail to engender the desired behaviour and motivation. When employees are educated about the potential risks associated with clicking on links in emails, responding to phishing mails, connecting unsecured devices to company IT resources or sharing access credentials, they are less likely to put systems in danger.

“Every individual in the organisation using a computer is responsible for IT security, not just the IT department. Cybersecurity awareness and education are, therefore, fundamental to the effectiveness of your risk management strategy,” he concludes.

References:

1. Lab, K. (2017, 01 18). Securing the Enterprise. Retrieved from Kaspersky: https://media.kaspersky.com/en/business-security/enterprise/KL-Enterprise-Catalogue-2017-EN-FINAL.pdf, p.4

2. Lab, K. (2017, 01 18). Securing the Enterprise. Retrieved from Kaspersky: https://media.kaspersky.com/en/business-security/enterprise/KL-Enterprise-Catalogue-2017-EN-FINAL.pdf, p.12





Share this article:
Share via emailShare via LinkedInPrint this page



Further reading:

Highest increase in global cyberattacks in two years
Information Security News & Events
Check Point Global Research released new data on Q2 2024 cyber-attack trends, noting a 30% global increase in Q2 2024, with Africa experiencing the highest average weekly per organisation.

Read more...
Upgrade your PCs to improve security
Information Security Infrastructure
Truly secure technology today must be designed to detect and address unusual activity as it happens, wherever it happens, right down to the BIOS and silicon levels.

Read more...
Open source code can also be open risk
Information Security Infrastructure
Software development has changed significantly over the years, and today, open-source code increasingly forms the foundation of modern applications, with surveys indicating that 60 – 90% of the average application's code base consists of open-source components.

Read more...
DeepSneak deception
Information Security News & Events
Kaspersky Global Research & Analysis researchers have discovered a new malicious campaign which is distributing a Trojan through a fake DeepSeek-R1 Large Language Model (LLM) app for PCs.

Read more...
SA’s strained, loadshedding-prone grid faces cyberthreats
Power Management Information Security
South Africa’s energy sector, already battered by decades of underinvestment and loadshedding, faces another escalating crisis; a wave of cyberthreats that could turn disruptions into catastrophic failures. Attacks are already happening internationally.

Read more...
Almost 50% of companies choose to pay the ransom
News & Events Information Security
This year’s Sophos State of Ransomware 2025 report found that nearly 50% of companies paid the ransom to get their data back, the second-highest rate of ransom payment for ransom demands in six years.

Read more...
Survey highlights cost of cyberdamage to industrial companies
Kaspersky Information Security News & Events
The majority of industrial organisations estimate their financial losses caused by cyberattacks to be over $1 million, while almost one in four report losses exceeding $5 million, and for some, it surpasses $10 million.

Read more...
Digital economy needs an agile approach to cybersecurity
Information Security News & Events
South Africa is the most targeted country in Africa when it comes to infostealer and ransomware attacks. Being at the forefront of the continent’s digital transformation puts South Africa in the crosshairs for sophisticated cyberattacks

Read more...
SIEM rule threat coverage validation
Information Security News & Events
New AI-detection engineering assistant from Cymulate automates SIEM rule validation for SecOps and blue teams by streamlining threat detection engineering with automated testing, control integrations and enhanced detections.

Read more...
Cybersecurity a challenge in digitalising OT
Kaspersky Information Security Industrial (Industry)
According to a study by Kaspersky and VDC Research on securing operational technology environments, the primary risks are inadequate security measures, insufficient resources allocated to OT cybersecurity, challenges surrounding regulatory compliance, and the complexities of IT/OT integration.

Read more...










While every effort has been made to ensure the accuracy of the information contained herein, the publisher and its agents cannot be held responsible for any errors contained, or any loss incurred as a result. Articles published do not necessarily reflect the views of the publishers. The editor reserves the right to alter or cut copy. Articles submitted are deemed to have been cleared for publication. Advertisements and company contact details are published as provided by the advertiser. Technews Publishing (Pty) Ltd cannot be held responsible for the accuracy or veracity of supplied material.




© Technews Publishing (Pty) Ltd. | All Rights Reserved.