What happens when corporate IT infrastructure is compromised by a cyberattack? In an age where the cyber security landscape is evolving with sophisticated malware and almost every employee is connected to the organisation’s server and the Internet, Riaan Badenhorst, General Manager at Kaspersky Lab, says that reputation damage is a real risk.
As the growth of e-payments increases, if you combine this with new technology developments and the shift in business needs, many organisations have now been forced to enhance the effectiveness of their business processes – by implementing e-flow systems to interact with suppliers and clients to save time and costs. However, what happens when a cybercriminal floods the whole accounting department with phishing emails from the ‘supplier’?
Many companies have admitted that the information security incidents they have experienced have had a negative impact on their reputation and bottom line. According to Kaspersky Lab’s recent study, ‘IT Security: cost-center or strategic investment?’, which was done in partnership with B2B International, revealed that the five IT security incidents which have the most severe financial impact on organisations in the Middle East, Turkey and South Africa are electronic leakage of data, incidents affecting suppliers and incidents affecting third party cloud service.
Further to this, in 2017, enterprises in these regions paid up to US$1.5 million for incidents involving electronic data leaks from their internal systems and more than US$1 million for incidents affecting suppliers that they share data with.
As a result, the approach of ‘it will not happen to me’ attitude among businesses, coupled with the view that cyber security only entails a firewall, an anti-virus solution and some Internet filters will always propel such figures. Businesses must understand that technology alone, cannot, and will not, protect any company’s server.
Change the reality
In our experience, businesses tend to spend 80% of their security budgets on trying to prevent security breaches, which means that only 20% is then spent on predicting, detecting and responding to attacks. Often, we get asked if it even possible to solve every corporate security challenge with new technology? Our answer is that security is best understood as a process and many companies must deal with these in four distinct phases, as it will assist with mitigating the chances of a security breach. These phases include:
Prevention – which is the best understood phase, as it mostly covers technology that is already in an organisation. Here, the products essentially just block generic threats that are emerging, which our research shows is at a rate of 310,000 a day.
Detection – means detecting sophisticated and targeted attacks. This requires advanced tools and expertise, as well as the time to identify the indicators of attack, spot an incident, investigate it and mitigate the threat. The latter is covered by threat response, where the unique skills of forensic experts are needed the most.
Prediction – examines possible future attacks, as well as understanding the attack to define the long-term strategic defence capabilities of a company. This is done through running penetration testing and security assessments.
However, if a cyber-attack makes it through the organisation’s perimeter and compromises its corporate network then cybercriminals can spend months siphoning off sensitive corporate data, without ever being noticed and the impact can be massive, to you and your clients, so threats must be taken seriously.
Therefore, IT spend must be redirected towards services and solutions that go beyond preventative technologies – in fact the spilt should be a 60/40 approach. Only then are companies able to develop a security strategy that can manage the realities of modern-day cyber warfare.