Cybersecurity Protection Needs To Reach The Next Level
Here at Hackercombat.com, we recently reported on IBM’s security study showing that the financial cost of breaches is getting more expensive. A similar study, this time by Accenture in partnership with the Ponemon Institute, confirms IBM’s finding that the cost of breaches is increasing. Accenture’s study focuses on what it calls the “ever-changing digital landscape”:
1. Evolving techniques
Cybercriminals have only one goal these days: to earn profits and generate income. That motivation is why ransomware, banking trojans, and cryptocurrency mining malware came into existence in this generation. Website vandalism, prank viruses and other 15-minutes-of-fame cyber attacks are no longer common. Social engineering and the creation of phishing websites are increasing in intensity and sophistication. They are not easy to detect, because the fake emails do not come from someone the employees do not know, but from those they actually work with. A phishing email carrying your boss's signature is very hard to ignore, and the possibility of an employee opening an attachment in such an email is fairly high. Cybercriminals do their own research and development, adjusting their operations to meet new challenges imposed by cybersecurity vendors.
2. Evolving targets
Small and medium-sized businesses are no strangers to this. After all, anyone attacking devices left in their default state does so indiscriminately, and such devices have already been hijacked in large quantities. Many devices, such as routers and surveillance cameras, still have their default settings unchanged, including the initial password. In addition, the devices we now call “smart”, along with factory control systems and home appliances, are going to be IoT-oriented. These are the new targets for cybercriminals, the low-hanging fruit where they can maximize their profitability.
3. Evolving impact
Information leaks are often caused deliberately by employees, which goes beyond the areas that can be addressed with technology, so more comprehensive measures will be needed.
Recognize cyber security risks, and formulate an organizational response policy
- Building a Cyber Security Risk Management System
- Securing resources (budget, human resources, etc.) for cyber security measures
- Create a plan for understanding cyber security risks and dealing with them
- Build a mechanism to respond to cyber security risks
- Development of emergency response system when an incident occurs
- Promotion of supply chain security measures
- Measures and conditions of the entire supply chain including business partners and outsourcing partners
- Acquisition of attack information through participation in information sharing activities, effective utilization and provision thereof.
Even in small and medium-sized enterprises, it is highly likely that personal information and secret information will be leaked through cyber attacks and that serious situations will occur, but in reality, many companies have not even noticed that their own IT facilities are under attack. That is a more serious concern, given that the company itself lacks any capability to even detect that it has already been breached. Serious amounts of data can be extracted right under its nose; the business operates as normal yet is already taking damage, as even intellectual property stored on corporate PCs is stolen.
The Ponemon Institute and Accenture study concerns the increasing risks and number of unknown vulnerabilities that companies face every day. Firms should seriously consider changing their ways.