With data being likened to the oil of the digital age, decision-makers cannot afford to ignore evolving cyber threats especially given recent examples of ransomware attacks targeting local companies.
Ralph Berndt, director of sales at cyber resilience expert Syrex, examines the importance of thinking differently about cyber security.
“International research shows that 54 percent of the global respondents admitted to being hit by instances of ransomware. The median financial impact per affected business – a staggering R1,8-million. Even more significantly, an average of two ransomware attacks per organisation were reported. Given how vital data has become to the competitive success of any business, protecting it should be an organisational priority,” says Berndt.
However, it is no longer good enough to install an anti-virus or a firewall and think it is sufficient. Cyber security does not happen in isolation of other business processes or is a once-off consideration. Instead, a company should view it as an organic component that needs to be adapted continually and permeate all facets of the enterprise.
Already, this has seen the advent of the likes of next-generation firewalls that combine the traditional solution with other network device filtering functionalities. These include an application firewall using in-line deep packet inspection and intrusion prevention systems.
Security done differently
“It is all about embracing an all-encompassing approach that includes cyber security, disaster recovery, and business continuity management. This has seen the emergence of cyber resilience to provide a company with the ability to continue delivering on its strategic business directives in the face of malicious cyber-attacks.
Decision-makers should think of it as a natural evolution from pure cyber security to a cyber resilience approach that is more of a methodology focusing on the measures and policies that need to be put in place to ensure continual business operations.”
The traditional way of thinking about security is very much driven by the nuts and bolts of solutions. This results in the business losing sight of the larger organisational impact that malicious attacks could have on the success of the company. Cyber resilience represents a huge shift in the industry – one which is more geared towards managing risk.
This entails all facets of data, from its security through to its backup and the business continuity measures put in place to resume operations in the event of a disaster (man-made or otherwise).
Cyber resilience espouses a layered approach that incorporates the technology, the systems and processes, as well as the human resources within an organisation. In this way, security covers all the potential entry points into the organisation. This way of combating cybercrime is something that is integral to how security should be treated in the connected world.
“Many companies are still using older, more traditional ways of looking at security without factoring in the risk component,” says Berndt. “Adding to this is an expanding C-suite with more specific corporate roles being introduced such as the CSO and CDO that report to the CEO from a strategic perspective. In this environment, does the issues of risk and compliance only still form part of the CFO’s duties? Definitely not.”
Security has moved away from being purely one based on opportunities to become more of a functional environment where people are employed to conduct attacks. And thanks to the rise of cryptocurrency where there is less of a paper trail to track such payments, the likes of bitcoin and others are enabling the hacking industry by getting them to incentivise people for attacks.
“Decision-makers need to be educated about the importance of effective cybersecurity policies and solutions. In the digital business environment, ignorance can no longer be used as an excuse. Similarly, no company (irrespective industry or size) can afford not to have cybersecurity integrated into all facets of the organisation,” says Berndt.
Cyber resilience requires a layered approach to be managed effectively. It is as much a technology problem that needs solving as it is a human one. Being cognisant of all the entry points into an organisation and how to deal with them, should be the foundation on which cyber resilience is built.
“It is imperative to embrace cyber resilience as a way of doing business if companies are to mitigate the risks that operating in a digital environment can bring,” Berndt says. “From ransomware to data corruption, phishing attacks to identify theft, the environment is a fast-paced one needing an integrated way to safeguard data.
“There is no choice but to accept it as a reality of doing business and embrace it wholeheartedly. Organisations need to think of risk as prevention, security, and recovery if they are to remain effective and safeguard their data.
“More importantly, security is not purely about technology any longer but also about the people and processes. Cyber resilience helps with this,” Berndt adds.