IERP® Team No Comments

Virtual Risks Can Be A Real Nightmare

A local university was recently threatened with the potential leakage of personal details of more than 1 million students and alumni if they failed to improve the security of their portals

‘Cybersecurity is no longer just a technology issue: it is a business one too’ – Neil Campbell, Director of Security Solutions of Australia’s leading telecommunication company, Telstra

A local university was recently threatened with the potential leakage of personal details of more than 1 million students and alumni if they failed to improve the security of their portals. This threat came after a number of banks online system reportedly suffered data breaches at the end of 2018. In the last quarter of 2018, an attack on Facebook’s computer network exposed personal information of nearly 50 million users. All these cases show a worrying global trend of data theft and cyber-attacks – and the global outlook looking forward is no different. The Global Risks Report 2019 lists data fraud/theft and cyber-attack among the top 5 risks in terms of likelihood.
From uploading your travel photos, ordering lunch and booking transport, technology is continuously evolving to meet the demands of the digitally savvy, to provide better products and services and subsequently a better quality of life. We are increasingly embracing the digital lifestyle and show no sign of slowing down. Global internet penetration has risen in 2018 and continues to rise. This trend has influenced businesses and organisations to adopt and integrate digital technology into their processes and engagements – even transforming their products and services! While we cannot deny the benefit of digital technology, we should devote the same attention and resources in managing risks as we are investing in its development.

A number of recent studies all point towards the increasing economic cost, losses and impact due to cybersecurity incidents. In addition to any financial impact, customer confidence and brand reputation will also take a hit.

Don’t Throw Money at Security
Whilst continuously improving cybersecurity requires resources, pumping in money and hoping it’s enough to deter constantly evolving attacks does not solve the problem. So, what can businesses or organisations do?

1. Cultivate a culture that supports cybersecurity risk management
It is extremely important for leaders of an organisation to recognize cybersecurity risk as a priority and to develop holistic measures or policies for the organisation. This is to ensure the response systems created are not incompatible with other response systems in the same organisation. In addition, the cybersecurity policy needs to be aligned with management policy so that organisation-wide measures can be designed/co-ordinated. Measures and procedures created must be communicated effectively to internal and external stakeholders – including supply chain partners and outsourcing companies to ensure effective implementation.

2. Be proactive, not reactive
It is impossible to create an impervious system that denies any cyber-attack, indefinitely. An organisation may choose to invest as the need arises. A more proactive or holistic approach sees organisations deploy a comprehensive monitoring and response process that always help an existing system to evolve as a whole. This approach needs to be supported by data on emerging threats, feedback from all levels of management with implementation of necessary policies and processes.

3. Prepare for response
An organisation needs to prepare against cyber-attacks. Preparation includes setting an emergency response system and drilling exercises that involve IT personnel and departments which will be directly or indirectly impacted by an attack. An effective response system promptly identifies the areas that are involved in the attack and rolls out necessary measures to prevent further damage. An effective response also helps reduce the impact on the brand, reduce losses and improve the recovery time of critical processes. Organisations are not impervious to cyber-attacks. However, they can take the necessary steps to minimize the impact of the loss. As the world and processes continue to evolve with digital integration, it is time for organisations and leaders to invest and make cybersecurity one of their primary areas of focus.