It has taken a pandemic to show organisations where the gaps in their risk management systems are. With Covid-19 has come fear and anxiety, uncertainty and disruption the likes of which has never been experienced since World War II. When lockdowns were instituted across various countries, working from home (WFH) quickly became the only alternative, and everything went online, including ordering cocktails. For many, the only access to food, finance and information became tied to the strength and reliability of Internet connections. Many businesses which had dragged their feet over digitisation before, found themselves scrambling to strengthen their online presence. Unfortunately, in the rush, many of them overlooked one vital factor: ramping up their cybersecurity.
With increased online presence comes the increased possibility of cyber-attacks. Sadly, many firms have fallen short and are now, after months of lockdown, finding themselves having to deal with the threat of cyber-attacks, in addition to getting the business back on track and dealing with the miscellaneous difficulties brought on by the pandemic. Faced with this situation, what can organisations do now to lessen the damage of potential penetration? If the virtual world was a scary place to be before, it is even more so now because cyber-attacks can originate from anywhere, at any time, with more ferocity than ever before. What makes it worse is that cyber criminals are getting bolder because they are aware that people are generally unprepared and therefore defenceless.
Take a moment to draw up a checklist of mitigative measures that the organisation does and doesn’t have; it will help identify shortfalls and further preventive measures required. Remember that every organisation has its own respective requirements, so cybersecurity systems cannot be a one-size-fits-all proposition; they need to be customised to be effective. Check the organisation’s strategy and planning to see if there is a policy in place which can give direction on how to manage a situation that gives rise to greater exposure to cyber threats due to increased digital disruption. Despite coming late to the game, it is not too late to identify the risks that may exist vis-à-vis heavier dependence on the organisation’s systems.
There are some points to bear in mind when confronting the risk management which comes with cybersecurity; one of them is that cyber criminals and hackers cannot be stopped but organisations can make it difficult for them to break into their systems. Another factor is that one of the best ways of dealing with hacking attacks is actually through manual intervention. What does this mean? It means raising the awareness of employees, and maintaining or increasing vigilance over the organisation’s systems. Changing passwords frequently, and restricting access to certain parts of the system are also effective.
It is important for the systems administrator to know, particularly at this time when the workforce is dispersed and working remotely, exactly who can access what, i.e. everything has to be real-time. Any activity which occurs where it shouldn’t, should be enough to raise a red flag. Organisations which have hitherto not found it necessary to institute advanced levels of cybersecurity may feel that it may be a case of “too little, too late” and prefer to take their chances but they should be aware that in the New Normal, the business environment will only become more complex, and systems will become more interdependent, thus intensifying the need for tighter cybersecurity.
A hundred years ago the world was a different place, technologically speaking, which has been simultaneously a blessing and a curse. It cannot be denied that the Covid-19 virus spread so easily because technology has made people more mobile, propelling them further and faster. Connectivity and communications today are at the forefront of battling the disease, with the exchange of information between governments, international health organisations and the pharmaceutical industry playing a pivotal role in containing the infection, treating the infected, and finding a cure. It is this same connectivity that is pivotal to the resumption of business in the wake of the pandemic.
Organisations which have cybersecurity systems already in place may want to take this opportunity to test, assess, analyse and evaluate them thoroughly, applying the experience gleaned from the pandemic. Revisiting the risks associated with cybersecurity now will strengthen the system, and help the organisation identify new mitigation measures, going forward. This is a good time to double-check back-up systems, and ensure that these are “clean” because if they have been hacked, it is possible that the hackers created access that will allow them in again. Get help; a combination of tools is required to combat cyberthreats and the organisation probably needs expertise that it does not have.
It is worth noting that regulators and the authorities recognise that cyberthreats and cyber risks are growing, and have moved to put stricter, more punitive laws in place. Enforcement is becoming more stringent because cyber-attacks have the potential to do even more damage in the wake of the pandemic, given the high degree of digital reliance. If left unmitigated, cyber risk can destroy the value an organisation has striven to create over many years; in the scramble to recover and return to the New Normal, that is the last thing that any organisation will want to deal with.
