Twitter is likely still reeling from a hack a few weeks back and Garmin is trying its best to restore an “outage”. That “outage” has now spanned four full days and seems a bit more nebulous than a simple system fault.
We bring both of these situations up because as we’ve all become accustomed to working from home, and look to be staying that way for the near future, we should chat about cybersecurity.
We say this because, while traditionally businesses have been able to safeguard data, systems and more with a “castle and moat” approach, the castle is now scattered.
The good side of a scattered workforce is that digital transformation has been accelerated and we’re seeing a lot more businesses take advantage of this. Whether it be adding an online component or making workflows more efficient, digital transformation is a great thing and seeing more local businesses embrace digital solutions is wonderful to see.
But specialist sales executive for security at T-Systems South Africa, Lukas van der Merwe, advises that firms address cybersecurity before it’s too late.
“While the transition to a digital economy is fundamental to enabling sustainable business growth, organisations were forced to adopt various digital platforms much faster than anticipated, resulting in the significant expansion of their attack surfaces, making them potentially vulnerable to cybersecurity breaches,” explains van der Merwe.
Of course when a threat is mentioned the first instinct we have is to lock everything down. See: South Africa in March as an example.
But in the context of digital transformation, locking everything down may be a bad idea.
“For example, organisations that stick to a traditional cybersecurity approach and try to limit the risk by reducing the attack surface will constrain their ability to transform digitally. On the other hand, businesses that adopt a digital platform and implement digital transformation without deploying appropriate security run the risk of not only being vulnerable to cyberattacks, but potentially significant damage to their entire organisation,” says van der Merwe.
What is needed then is balance but how does find balance in this instance?
The unfortunate news is that it is going to take time and a bit of effort on the business owner’s part.
This is because one has to assess every area of the business from the contact centre up to the C-Suite’s email. This will help determine what is needed to keep the wheels moving smoothly while also making sure those wheels don’t come off.
The good news is that there are several solutions that can assist with securing your digital environment but its best to know what you need before going shopping.
Another key consideration to make is how to implement security measures while also keeping the business functional.
Paying the piper
For the business owners reading this thinking they are immune to cybercrime we caution you to think twice.
In its latest State of Email Security Report, Mimecast found that 84 percent of South African organisations are concerned about a web domain, brand exploitation or site spoofing attack.
What is notable about these attack vectors is that they rely on the user to click something they shouldn’t click. The trouble here is that spoofing has become so clever that even experts can be fooled.
As we saw with Twitter last week, all it takes is one person to click or do something they shouldn’t to make your firm grab headlines in the worst way possible.
This should really help to hammer home the message that every precaution should be taken when developing a cybersecurity policy.
“The process to deploy the correct cybersecurity strategy in a digital economy is simple,” says van der Merwe.
“First, identify the risks that your organisation will be exposed to, then consider the likelihood of these risks being realised, the impact of a breach event and then look at the cost of defence. You need to understand what it would cost to address the risk versus the impact of the event taking place. Once you’ve built the risk matrix, you can start prioritising how you want to slow down or accelerate your digital transformation, while maintaining a healthy security posture.”
Of course “simple” is absolutely contextual as the complexity of your business and digital environment will ultimately determine how complex your approach to security should be.
Over and above this we would recommend embarking on a cybersecurity education campaign.
Looking back at that Mimecast report, employees without awareness training were five times more likely to click on malicious links.
While we understand that budgets everywhere are being cut as a result of lockdowns and the COVID-19 pandemic, security is vital to insuring a business can keep functioning to the best of its ability.
“This presents both a challenge and opportunity for cybersecurity practitioners as their offerings can underpin sustainability. However, customers’ investments in cybersecurity solutions must be positioned against a backdrop of facilitating growth and adding business value under these difficult conditions,” van der Merwe concluded.
And that is where we feel the best piece of advice sits, though it’s not said explicitly.
Consult with experts. Cybersecurity is a complex beast and it’s okay to not have a grasp one every threat your company might face.
Speak to experts, find out what your risks are and how to address them. As van der Merwe points out, the process is simple, one just has to start.[Image – CC 0 Pixabay]