With data being likened to the oil of the digital age, decision-makers cannot afford to ignore evolving cyberthreats especially given recent examples of ransomware attacks targeting local companies. Ralph Berndt, Director of Sales at cyber resilience experts Syrex, examines the importance of thinking differently about cybersecurity.
“International research shows that 54% of the global respondents admitted to being hit by instances of ransomware,” said Berndt.
“The median financial impact per affected business – a staggering R1.8 million. Even more significantly, an average of two ransomware attacks per organisation were reported. Given how vital data has become to the competitive success of any business, protecting it should be an organisational priority.”
However, it is no longer good enough to install an anti-virus or a firewall and think it is sufficient. Cybersecurity does not happen in isolation of other business processes or is a one-off consideration. Instead, a company should view it as an organic component that needs to be adapted continually and permeate all facets of the enterprise.
Already, this has seen the advent of the likes of next-generation firewalls that combine the traditional solution with other network device filtering functionalities. These include an application firewall using in-line deep packet inspection and intrusion prevention systems.
Security done differently
“It is all about embracing an all-encompassing approach that includes cybersecurity, disaster recovery, and business continuity management,” added Berndt.
“This has seen the emergence of cyber resilience to provide a company with the ability to continue delivering on its strategic business directives in the face of malicious cyberattacks. Decision-makers should think of it as a natural evolution from pure cybersecurity to a cyber resilience approach that is more of a methodology focusing on the measures and policies that need to be put in place to ensure continual business operations.”
The traditional way of thinking about security is very much driven by the nuts and bolts of solutions. This results in the business losing sight of the larger organisational impact that malicious attacks could have on the success of the company. Cyber resilience represents a huge shift in the industry – one which is more geared towards managing risk. This entails all facets of data, from its security through to its backup and the business continuity measures put in place to resume operations in the event of a disaster (man-made or otherwise).
Cyber resilience espouses a layered approach that incorporates the technology, the systems and processes, as well as the human resources within an organisation. In this way, security covers all the potential entry points into the organisation. This way of combating cybercrime is something that is integral to how security should be treated in the connected world.
“Many companies are still using older, more traditional ways of looking at security without factoring in the risk component,” said Berndt.
“Adding to this is an expanding C-suite with more specific corporate roles being introduced such as the CSO and CDO that report to the CEO from a strategic perspective. In this environment, does the issues of risk and compliance only still form part of the CFO’s duties? Definitely not.”
Business education
Security has moved away from being purely one based on opportunities to become more of a functional environment where people are employed to conduct attacks. And thanks to the rise of cryptocurrency where there is less of a paper trail to track such payments, the likes of Bitcoin and others are enabling the hacking industry by getting them to incentivise people for attacks.
“Decision-makers need to be educated about the importance of effective cybersecurity policies and solutions,” said Berndt.
“In the digital business environment, ignorance can no longer be used as an excuse. Similarly, no company (irrespective of industry or size) can afford not to have cybersecurity integrated into all facets of the organisation.”
Cyber resilience requires a layered approach to be managed effectively. It is as much a technology problem that needs solving as it is a human one. Being cognisant of all the entry points into an organisation and how to deal with them, should be the foundation on which cyber resilience is built.
“It is imperative to embrace cyber resilience as a way of doing business if companies are to mitigate the risks that operating in a digital environment can bring,” added Berndt.
“From ransomware to data corruption, phishing attacks to identify theft, the environment is a fast-paced one needing an integrated way to safeguard data. There is no choice but to accept it as a reality of doing business and embrace it wholeheartedly. Organisations need to think of risk as prevention, security and recovery if they are to remain effective and safeguard their data. More importantly, security is not purely about technology any longer but also about the people and processes. Cyber resilience helps with this.”