What businesses should be doing to mitigate cyber security risks
Cyber crime will cost the global economy $6 trillion annually by 2021, according to the Cybersecurity Ventures 2017 Annual Cybercrime Report. That kind of value can be difficult to visualise, but it is the combined wealth of every billionaire on earth.
It is more than just a worldwide problem, though. Cyber crime is a phenomenon that many South African businesses have felt the impact of first-hand: the South African Banking Risk Information Centre (Sabric) reports that South Africans lose in excess of R2.2bn to Internet fraud and phishing attacks every year.
This highlights the need to urgently change the way businesses approach cyber security because if companies fail to put in place the necessary security to protect their information, the costs could be astronomical.
As they continue to digitally transform and increasingly make use of cloud-based solutions, businesses must invest in technology that protects them from would-be cybercriminals.
Importantly, businesses should recognise that security is no longer just an IT function. It is a fundamental business process that should be aligned to business objectives. It's therefore essential that cyber security is embedded across the entire business network, its applications and access points to detect, analyse and block suspicious behaviour.
When it comes to cloud computing enterprise-grade security, in particular, businesses should also adopt an "assume breach" mind-set. By assuming the company's network has been breached, business owners become more vigilant about monitoring patterns of behaviour and are able to identify real threats and anomalies before they do too much damage.
However, it is critical to note that even if businesses have the most watertight systems and processes in place, a lack of security awareness among employees can be a serious risk. As such, businesses should also examine their company culture when it comes to cyber security and focus on creating a business culture which prioritises data protection.
"Most breaches today are the result of simple mistakes by employees clicking on rogue links in e-mails, downloading malicious attachments, or simply not following security policies and training lessons," says Paul Fisher, research director of Pierre Audoin Consultants, which conducted research into the role identity and access management plays in digital transformation.
To overcome these risks, businesses need to train employees not to open suspicious mails or click on unknown links, and to back up all critical data to the cloud. This will help ensure the business is properly protected from ransomware attacks. It is also essential to educate employees on best practices for passwords and to turn on features such as multi-factor authentication.
Nothing today should be more important than the security of a company's data. In today's complex and regulated environment, businesses need to take a proactive approach to cyber security by investing in improved technology such as the intelligent cloud and by making it part of their business culture.
Four services key to effective cyber security in the cloud that businesses should keep top of mind:
1. Privacy control and access: A company's cloud provider should give them full ownership and control over their data.
2. Data encryption: Cloud encryption is the conversion of data into another form called cipher text. This text cannot be understood by anyone other than authorised parties.
3. Risk management processes: Businesses should ensure their cloud provider has these processes in place in order to reduce security incidents.
4. Transparency: Cloud providers must be transparent about security and compliance and provide customers with information on where their data is stored and processed.