Cyber Security: A Critical Board Level Concern For Enterprises

by Sanjay Katkar, Co-Founder, MD & CTO, Quick Heal Technologies

Cybersecurity remains an important yet unaddressed issue of current times for enterprises. I hope this article is read not only by the CISOs or IT Heads but also by the other members of the senior management or founders of organizations. We will not be discussing technology or cyber security steps and processes in this article. Instead, we focus on the bigger picture of having the right approach to cybersecurity at strategy level so as to bring the right importance to security needs of organizations.

The recent incident of WannaCry ransomware attack has increased the cybersecurity awareness among large corporates, small businesses and individuals across the world. Our observation has been that often such awareness levels drop back to normal in all those organizations where security is not given a priority. And the reason is that many decision-makers in these companies do not comprehend the severity of cybersecurity issues. Ignorance is no bliss; thus, we urge decision-makers to get involved in understanding and defining a robust cybersecurity strategy for their organizations.

Innovations in the field of cybersecurity have led to security for different levels such as gateway, network, and endpoint security. Advanced security features include data loss prevention (DLP), device control, automated patch management, behavior-based detections, threat intelligence, SIEM, and much more. Most businesses, however, still feel it’s enough to have an antivirus protection on all the computers to prevent their organization from emerging cyber threats. What most of these companies do not realize is that cybersecurity looms a much larger threat than simply having to deal with virus or malware. The threat landscape is much bigger and evolved than ever, social engineering attacks are becoming more sophisticated and difficult to identify. If USA’s National Security Agency, one of the most powerful military intelligence organizations in the world can get hacked, one can imagine how secure their organizations are.

What is the worth of your data?

To begin with, companies need to accept that they are just as vulnerable as any other organization or individual; hackers do not discriminate while launching an attack. Security should be given the highest priority in this age of data and connectivity as prime drivers of businesses today. Businesses must be aware of the fact that there are several market places on the Dark Web where all sorts of data gets sold and buyers are ready to pay for this data. Recently, a popular Indian food-tech company’s massive data breach led to sensitive records of 17 million users getting stolen. This data was being sold on the Dark Web marketplace for as low as 1000 USD. However, this data leak could cause the food-tech company a fortune. There are 1000s of such deals happening on the Dark Web on a regular basis. While making business decisions on how much to spend on cybersecurity, companies must ask themselves, what is the worth of the data stored on their servers and endpoints? You will need no business advisor to explain the importance of securing this data for your enterprise.

Hire the right people

The recent ‘WannaCry’ ransomware attack which crippled multiple users and organizations in over 150 countries has taught us a very important lesson that no one should compromise on cybersecurity. A dump of MS-17-010 Windows OS vulnerability, responsible for the WannaCry outbreak, was made public by the notorious Shadow Broker group on 14th April, 2017. This vulnerability affected most desktop and server editions of Microsoft Windows. Microsoft had released a patch for the vulnerability in March, 2017. Systems which did not apply a patch update for this vulnerability were affected by the WannaCry ransomware which uses worm like behavior to affect vulnerable systems on the network. Hackers studied the vulnerability, assessed the opportunity of exploiting it for a large scale impact and then used it as a weapon for launching a global cyber-attack. This incident tells us that individuals and businesses alike, had ample time to apply the patch, however, they failed to do so which made them a victim to this large-scale cyber-attack. This event also brought to light that companies need to hire the right resource responsible for handling the IT ecosystem. The CISO/Security expert must be equipped with threat intelligence to ensure information assets and technologies are adequately protected against emerging threats. Professionals handling the cybersecurity of companies must have the vision to anticipate and safeguard the organization from the evolving threat landscape by using appropriate security solutions.

Impact of a cyber-attack

Cybercrime is one of the greatest threats plaguing the digital world we are living in. Compromising on cybersecurity may lead to irreparable damage and the business recovery path may get more complex and costlier than anticipated. Several past incidents have shown a direct correlation between a cyber breach and a company's share price performance and valuation. We saw that last year, US telecoms giant, Verizon cut the price of its $4.8bn (£3.9bn) takeover of Yahoo's internet business by $350m after two massive data breaches were revealed at the internet company. Computing the cost of a cyber breach involves several factors. These costs may include lost business cost during the attack period, compensation (potential) to affected customers, reputational damage, and other incident response costs. Business leaders need to estimate the potential consequences of a cyber-attack and better plan their security strategy to safeguard the company’s strategic interests and improve the business’ ability to survive a cyber attack.

Post the WannaCry ransomware attack, we have seen a rise in the early renewal and adoption of our security solutions by our clients. This reinforces the fact that people will only believe what they see. However, it’s about time businesses accepted that cyber threats are real and challenging enterprises across the world. Cybersecurity is no longer an IT issue, business leaders need to get involved in framing the cybersecurity strategy of their companies. When it comes to cybersecurity, prevention really is the best cure. Rather than dealing with the consequences, it’s always a good idea to invest in precautionary measures such as adopting multi-layered security solutions for your enterprise.

 

Facebook