While the global proliferation of technology benefits users, it also increases the number and complexity of cyber risks, and companies cannot afford not to factor in the damage that a cyberattack can have on their reputation, says global cybersecurity company Kaspersky Lab Africa MD Riaan Badenhorst.
He points out that cybercriminals are very adept at leveraging new technologies for illegal profits and are aware that many organisations do not always protect their information technology (IT) assets sufficiently.
While a business’s focus is usually on developing cost- effective products and services for customers, decision-makers should never forget the importance that trust plays in the relationship. This is of particular importance in a highly competitive environment where consumers are looking for any excuse to change brands.
“This is especially true in an age where personal data is one of the most prized assets to any business. Just consider how much data an organisation has access to, from customer information to partner agreements, as well as sensitive intellectual property and financial records. It is clear that any breach, however slight, could significantly damage the trust relationship between the company and its stakeholders.”
In addition, Badenhorst stresses the material implications of a cyberattack, noting that a breach can stop business processes, causing an organisation to lose money. According to Kaspersky Lab’s ‘Measuring the Financial Impact of IT Security on Businesses’ report, based on the company’s 2016 Corporate IT Security Risks survey, on average, one cybersecurity incident can cost large businesses as much as $861 000, while small and medium-sized businesses face an average loss of $86 500.
While South Africa is not one of the top countries or hot spots for cyberattacks, the country is not immune to attacks, with the same report highlighting that many South African companies admitted that information security incidents had had a negative impact on their reputation.
Further, Kaspersky Lab found that the average cost of brand damage incurred, per incident, by small and medium-sized businesses was approximately R115 000, while the damage to enterprises exceeded R2.8-million.
“It is clear in this case that prevention is better than cure,” says Badenhorst.
According to Kaspersky Lab’s yearly business-to-business survey of organisations globally, the most common threats encountered last year were spam, viruses or other malware, as well as phishing. These were followed by a more diverse range of cyberthreats, such as software vulnerabilities, leaks from employees (including through mobile devices), network intrusion, theft of mobile devices and targeted attacks.
“Some categories of cyberthreats don’t seem very harmful at first glance, such as spam or adware, but even these can result in loss of time by employees and lead to serious security incidents if used by cybercriminals in a targeted attack, for example. “All types of risks relevant for businesses should, thus, be considered.”
Badenhorst recommends that businesses should take particular caution regarding ransomware, data storage protection and targeted attacks.
Ransomware is a malicious software that installs covertly on a device and either mounts an attack that holds the victim’s data hostage or threatens to publish the data until a ransom is paid. This software can influence private users and businesses, and Kaspersky Lab has observed an emerging trend in which cybercriminals are organising targeted ransomware attacks against businesses, which is particularly harmful in critically important industries such as hospitals and government institutions.
Storage of valuable data should also be carefully managed so that the machine – where it is kept – and the software it contains are guarded by a proper security solution. Hardware risks should also be eliminated by securing data with regular backups.
Targeted attacks can be aimed at any organisation, but business should know that even the most dangerous targeted attacks can be blocked using existing technologies, says Badenhorst. “Effective deployment of these technologies, with different security methods implemented in a multi-layered fashion, is the best way to safeguard your business.”
While there is increasing realisation of the importance of cybersecurity globally, Badenhorst stresses that businesses cannot afford to get complacent.
To ensure that companies stay abreast of cyberattacks, Kaspersky Lab security experts advise that companies should follow certain steps. Companies should conduct a security assessment of the network to identify and remove any security loopholes, and then implement a strong and easily manageable security solution that secures all parts of the IT infrastructure, including mobile devices, servers and the Internet gateway.
Installed software should also be checked regularly for all security updates and a proper and timely backup of the company data should be created so that it can be used to restore original files after data loss.
Employees should, moreover, be trained to identify areas of potential attacks and how to guard against them; security policies should be implemented and updated when necessary to provide guidance for employees.
“It is not about if businesses will encounter cyberthreats, but . . . when. Cybercriminals will always try to find a way inside and it is crucial that companies are prepared for this,” concludes Badenhorst.