Cybercrime has become an increasingly bigger threat to digital businesses in recent years given its ability to generate lucrative profits with minimal risk of attribution or interdiction. The challenges cybercrime poses to businesses and how they can mitigate against this risk was the focus of a recent Business Day Dialogue in association with Dimension Data held in Cape Town on 17 July and Johannesburg on 19 July.
According to the NTT Security 2018 Global Threat Intelligence Report, ransomware is the cybercriminals’ weapon of choice with global malware findings pointing to a 350% increase in ransomware year on year. More than half of all malware infections (61%) occur in just four industries: gaming, business and services, healthcare and manufacturing. The sectors seeing the greatest number of cyber-attacks include finance, technology, business and professional services, manufacturing, retail and education with gaming being the top ransomware target.
Paying the ransom is not the primary problem, the report found, but rather the biggest cost to every industry is the resulting business downtime. The challenge for digital businesses is to stay ahead of cyber threats by moving from a reactive approach to a more predictive approach. As technology evolves and business ecosystems expand, businesses need to implement and establish greater cyber-resilience and agility by embedding cyber security features into the design of their network. However, given the speed at which cybercriminal ingenuity is developing, there is no silver bullet in terms of a single technology to mitigate against the risk of a cyber-attack.
This means that the onus is on businesses to innovate more rapidly than their adversaries in order to ensure they remain protected. Security features need to be holistic, end to end and layered. Digital businesses need to develop a culture of responsibility for cyber security with security becoming everyone’s business.
During a panel discussion including representatives from SAP South Africa, Cisco, Britehouse and Dimension Data, the panel agreed that although there was no silver bullet to mitigate against ransomware attacks – and no one technology solution from any company that can effectively protect against cyber threats - there are measures companies can put in place to mitigate against risks including implementing appropriate layers of technology and embedding security features into business networks.
Cisco, for example, has a product called Stealthwatch, which detects anomalies in digital traffic and acts as a security alert while SAP has embedded security measures to protect both back end and front end systems from cyber-attacks including proactive alerts to protect digital information.
In addition to embedding cyber security from the outset into networks and ensuring that they are secure by design, the panel agreed that educating employees around cyber security was imperative. Employees need to be made aware of the risks and how they can avoid threats. Businesses need to have the right internal controls in place including securing personal devices. Accountability for cyber security, the panel agreed, needs to start with the board and chief executive and needs to permeate throughout the entire organisation.
In an increasingly digital age, no business is immune to cyber threats, agreed the panel, advising that even small businesses need to identify their vulnerabilities and apply the right level of securities. Out of the box solutions, they said, work well for small to mid-sized businesses while all businesses need to invest in incident response plans and be in a position to execute on these response plans.
Having the right security measures in place is ultimately the only safeguard against cyber-attacks.