Tag: cyber crime

By Amritesh Anaand, practice lead for Unified Communication at In2IT Technologies

Cybercrime is a growing threat to businesses globally, and South Africa is no exception. The country ranks third in the world for the highest number of users experiencing targeted ransomware attacks. No industries or sectors are immune, and a breach can cost companies millions in lost revenue, not to mention the cost (and time) to recover. Cyber insurance is a growing trend, aimed at helping mitigate the risk around cyber threats. However, while it can help businesses to handle some of the financial fallout from an attack, it is by no means a replacement for a comprehensive data management and protection strategy.

The rise of cyber insurance

The last decade has seen thousands of highly publicised and cost-heavy cyber incidents, which have impacted organisations across the globe as well as a range of industry sectors. Most recently in South Africa, the Department of Justice was hit by a ransomware attack in September, and the recovery from the attack is ongoing after several weeks. No company or industry is immune, and since businesses are heavily reliant on technology and data to operate, a successful ransomware attack can be devastating financially.

This is where cyber insurance comes in, helping to cover the primary risks associated with cyber incidents, including network security and privacy liability, network business interruption, media liability, and errors and omissions. Cyber insurance is designed to provide first- and third-party coverage to mitigate risk exposure by offsetting the costs involved with the recovery of cyber losses.

Cyber insurance is not a security strategy

Coverage from cyber insurance may include losses from network security breaches, data and systems recovery costs, legal expenses and third-party indemnification related to data breaches, as well as business interruption costs. However, financial risk is only one element of the cost associated with a cyberattack. The reputational damage, which no insurance policy can mitigate, can be devastating after the fact. In this instance, as with many others, prevention is always better than cure.

Preventing a breach of your network and its systems requires protection against a variety of cyberattacks. For each attack, the appropriate countermeasure must be deployed to deter it from exploiting a vulnerability or weakness. The first line of defence for any organisation is to assess and implement security controls, through a multi-layered security approach that considers the following six elements.

1. Education and awareness

One of the most common ways cybercriminals gain access to your data is through your employees. Attackers send fraudulent emails impersonating someone in your organisation and ask either for personal details or for access to certain files. Links often seem legitimate to an untrained eye and it’s easy to fall into the trap. This is why employee awareness is vital.

2. Frequent software and systems updates

Often, cyberattacks happen because your systems or software aren’t fully up to date, leaving weaknesses. Cybercriminals exploit these weaknesses to gain access to your network. Once they are in, it’s often too late to take preventative action.

3. Endpoint protection

Mobile devices, tablets and laptops that are connected to corporate networks create access paths for security threats. These paths need to be protected with specific endpoint protection software.

4. Data security

There are many different types of sophisticated data breaches; new ones surface every day, and old ones even make comebacks. Putting your network behind a firewall is one of the most effective ways to defend yourself from any cyberattack. A firewall system will block any brute force attacks made on your network and/or systems before they can do any damage.

5. Identity and access

Physical access remains a critical element and having control over who can access your network is important. If somebody can simply walk into your office and plug a USB key containing infected files into one of your computers, giving them access to your entire network or infecting it, then your systems are not secure.

6. Strong password policies

Having the same password set up for everything can be dangerous. Once a hacker figures out your password, they have access to everything in your system and any application you use. Having different passwords set up for every application you use is a real benefit to your security, and changing them often will maintain a high level of protection against external and internal threats.

Insurance is the fallback

As with anything in life, insurance should be a last resort when all else has failed. It can help to mitigate some of the financial damage of an attack, but it cannot form the basis of a cybersecurity strategy, as this places businesses at risk in other areas, including compliance.

However, it can be difficult to know where to begin when it comes to protecting your business from cybercrime and cyberattacks. There is so much information out there that it can become overwhelming, especially when we have so much interrelated information. The right technology partner is essential to delivering a cybersecurity solution that works for a business and its employees.

 

Source: Fin24

South African businesses of all sizes, including educational institutions, have been particularly hard hit by an onslaught of cyber-attacks, although this is not always public knowledge, according to Kerry Curtin, cyber risk expert at Aon South Africa.

Cyber risk was ranked as the #1 risk facing educational institutions and is likely to remain so for the foreseeable future, according to Aon’s 2018 global risk management survey.

Curtin says the potential theft or leakage of data, particularly confidential information in an educational setting, should be top of the list in risk planning.

“The need to strengthen institutional resiliency against potential damage, compromising hacks and downtime is crucial,” she adds.

This is because schools, like any other business, are increasingly dependent on technology. The knock-on effect of a cyber incident at an educational facility has the potential to be financially and reputationally catastrophic.

For example, in 2016 it was reported that the University of Limpopo’s website was taken down, leaking exam papers and the details of over 18 000 students, in addition to perpetrators publicly posting what was believed to be the login details for the University’s intranet.

The sheer number of cyber-attacks on educational institutions suggests that the sector is not as prepared as it should be in its efforts to safeguard networks, according to Curtin.

Aon provides the following tips for the education sector:

Safeguard institution-owned devices

All computers, laptops and smart devices owned by the educational institution should at the very least have a current anti-virus programme installed, in addition to adware and malware protection.

One of the biggest threats to any business is the people operating these devices and their naivety regarding cyber risks, so education is key.

BYOD policy

It is very likely that students and staff members will bring devices to school or university that interact with the institution’s network. The first line of defence is keeping guest devices separate from the network, allowing the institution to keep data secure on an administrative network, as well as monitor traffic more closely.

When it comes to sending sensitive information, it is crucial to implement a secure file exchange solution that can protect against cyber threats such as phishing scams.

Multi-factor authentication

Passwords alone do not provide adequate levels of security, and hackers are able to circumvent physical biometrics such as fingerprint identification when used as a single layer of authentication, so Multi-Factor Authentication (MFA) is fast becoming the next line of defence.

Social media policy

Not only does the policy need to stipulate what is deemed as acceptable behaviour from employees and students, but it also needs to explain what the benefits are of becoming an ambassador for the brand and the legal ramifications inherent to social media platforms.



My Office News Ⓒ 2017 - Designed by A Collective

