classic | mobile
Follow us on:
Follow us on Facebook  Share via Twitter  Share via LinkedIn
 

Search...
Hi-Tech Security Solutions Business Directory
Residential Estate Security Handbook 2017


Cyber risks are business risks
March 2018, Cyber Security

Although most companies have invested in IT security solutions to protect their networks and data, these tend to focus on mitigating the most common threats like viruses and malware and fall short of addressing more sinister risks such as fraud, identity theft and espionage.

These are damaging threats that can put a company’s reputation and business continuity at risk, and can have serious financial implications. It is only when IT security-related risks are considered as business risks that the relevance of addressing them with proactive, strategic and appropriate solutions really becomes apparent – and this has to come from the top.

“Cyber risks should be treated as business risks and should form part of a company’s overall risk management strategy. This has to be a top-down drive; from C-level employees, for whom the cost of a breach or leak is highest, to everyone else in the organisation that has access to information systems,” says Charl Ueckermann, CEO at AVeS Cyber Security.

Cybercrime is burgeoning rapidly, not only in volume, but sophistication as well. While 70% of threats faced by enterprises are known, the other 30% are unknown, advanced threats that traditional signature-based security technologies alone cannot tackle.1

Cybercriminals are also becoming far more discerning and are targeting their attacks. Though more targeted, they often employ basic methods to implement their attacks. These methods can include social engineering, stealing of employee credentials, imitating legitimate software or even using malware covered by a stolen certificate to infiltrate systems. Ransomware, a type of malware that encrypts data and either prevents or limits users from accessing their systems, is typically targeted at C-level employees as well as departments dealing with sensitive information, such as accounts and human resource departments. These types of advanced, targeted cyber incidents are becoming more prevalent – even in South Africa.

“With this in mind, it becomes quite clear that organisations need a multi-disciplinary approach that is aligned with their specific risk management requirements and includes the implementation of appropriate IT security solutions, ongoing monitoring, analysis of IT security intelligence, and employee education. Regardless of how expensive or robust the IT security technologies are, they will not be fully effective unless everybody throughout the enterprise, starting at the top, understands the risks and supports the IT security strategy,” says Ueckermann.

He offers this advice to C-level employees for managing IT security risks to their organisations:

1. Understand that the threat landscape has changed and keeps on changing. With cyber security threats and the associated business risks increasing, treat IT security risks as business risks. Traditional, signature-based security technologies are not enough to address these risks; don’t bring a knife to a gun fight.

2. Be pro-active and prepared to avoid reactive firefighting after a breach or leak. Consult with IT security experts to help identify potential risks and implement the most appropriate and effective solutions to support your risk management strategy.

3. Understand that it is impossible to predict exactly how your systems might be attacked or threatened. You need an adaptive system with machine learning and pattern recognition capabilities, to deal with evolving threats.

4. Aim for machine/man symbiosis; use computers for their strengths, but don’t neglect to leverage the intuition of your people. There are things a computer can do that even the smartest person in the world can’t, but there are things a child can do that a computer cannot.

5. Get expert advice and support to understand, defend and deal with advanced threats like zero-day attacks.

6. Conduct regular vulnerability assessments of your IT infrastructure. This will help you to uncover the loopholes in your organisation’s security architecture and avoid damage that could be caused by cyber-attacks.

7. More than 80% of all cyber incidents are caused by human error.2 Make sure all employees are trained and are informed of risks that can occur. Companies lose money recovering from staff-related incidents, yet education and training programmes intended to prevent these problems are limited, and they usually fail to engender the desired behaviour and motivation. When employees are educated about the potential risks associated with clicking on links in emails, responding to phishing mails, connecting unsecured devices to company IT resources or sharing access credentials, they are less likely to put systems in danger.

“Every individual in the organisation using a computer is responsible for IT security, not just the IT department. Cybersecurity awareness and education are, therefore, fundamental to the effectiveness of your risk management strategy,” he concludes.

References:

1. Lab, K. (2017, 01 18). Securing the Enterprise. Retrieved from Kaspersky: https://media.kaspersky.com/en/business-security/enterprise/KL-Enterprise-Catalogue-2017-EN-FINAL.pdf, p.4

2. Lab, K. (2017, 01 18). Securing the Enterprise. Retrieved from Kaspersky: https://media.kaspersky.com/en/business-security/enterprise/KL-Enterprise-Catalogue-2017-EN-FINAL.pdf, p.12


  Share via Twitter   Share via LinkedIn      

Further reading:

  • Protecting the machines
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Integrated Solutions, Industrial (Industry)
    Security operations at industrial sites need to include cybersecurity and it needs to be treated with the same importance as the physical security of the site as well as health and safety standards.
  • Securex 2018 pulls the (right) crowds
    July 2018, Technews Publishing, Access Control & Identity Management, CCTV, Surveillance & Remote Monitoring, Cyber Security, Integrated Solutions
    With over 6000 visitors attending and exhibitors expressing their satisfaction with not only the number, but also the calibre of the visitors, this year’s Securex was a winner.
  • Securing your digital assets
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, IT infrastructure
    Cyberattacks can’t be prevented, but companies and individuals have ways to keep the attackers out. However, the coming year will see more attacks and more losses because of poor cyber planning.
  • The generations that matter
    July 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    According to Doros Hadjizenonos, country manager, SADC at Check Point, we have entered the fifth generation of cyberattacks.
  • EOH introduces managed Security-as-a-Service
    July 2018, EOH Security & Building Technologies, News, Cyber Security, Security Services & Risk Management
    EOH has introduced a solution to modern security concerns through a managed Security-as-a-Service suite of offerings.
  • How data leaks can be avoided
    July 2018, This Week's Editor's Pick, Cyber Security, News, Security Services & Risk Management
    MyID runs as a service, monitoring your ID number, email address, mobile number and credit card number for fraudulent usage or fraudulent input on the Web.
  • Securing the Internet of Things
    July 2018, Cyber Security, Industrial (Industry)
    With more than 75 billion devices expected to be connected to the Internet by 2025, the Internet of Things (IoT) has become an integral part of the digital world, but are these devices secure?
  • Being prepared is key to mitigating cyber attacks
    July 2018, Cyber Security
    In an age where cyber criminals are a dime a dozen, and the threat landscape more complex than ever, it pays to prepare and be always on guard.
  • Securing your operational systems
    July 2018, Industrial (Industry), Cyber Security
    Forrester research on operational technology (OT) cybersecurity: 56% of organisations experienced a security breach last year.
  • Watch out for digital profiling
    July 2018, This Week's Editor's Pick, Cyber Security
    Research shows that smartwatches can become tools for spying on their owners, by collecting signals that – after analysis – could be turned into datasets unique to the smartwatch owner.
  • Intelligence and compliance ­depend on data governance
    June 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    The growth of data in all its forms caused data governance to become increasingly complex, to the point where it is a skill in itself.
  • Data governance and security
    June 2018, Technews Publishing, This Week's Editor's Pick, Cyber Security, Security Services & Risk Management
    Data governance has become a key issue for all businesses, and as with all things data-related these days, security is a key component of data governance.

 
 
         
Contact:
Technews Publishing (Pty) Ltd
1st Floor, Stabilitas House
265 Kent Ave, Randburg, 2194
South Africa
Publications by Technews
Dataweek Electronics & Communications Technology
Electronic Buyers Guide (EBG)

Hi-Tech Security Solutions
Hi-Tech Security Business Directory (HSBD)

Motion Control in Southern Africa
Motion Control Buyers’ Guide (MCBG)

South African Instrumentation & Control
South African Instrumentation & Control Buyers’ Guide (IBG)
Other
Terms & conditions of use, including privacy policy
PAIA Manual
         
    Mobile | Classic

Copyright © Technews Publishing (Pty) Ltd. All rights reserved.