Do You Make These Eight Common Cybersecurity And Data Risk Mistakes?
According to PwC’s 2018 Global Economic Crime and Fraud Survey, about half of all organisations across the globe have reported being a victim of fraud or of some sort of economic crime. Cybercrime figures are near the top of the list with 31% of all organisations being affected. What makes these instances of cyber-attacks even more alarming is the rapidity with which they have been increasing over the years. In this article, we look at the 8 biggest cyber and data security risks faced by corporations in 2018:
Rather than actively seeking out vulnerabilities, most companies react only after the damage has already been done. The problem with this strategy is that cyber threats are rapidly evolving and protecting yourself from a type of attack that was prevalent last year will not offer much protection from the latest vulnerability.
Lack of a proper cybersecurity and data protection policy
Whilst many large companies do have a cyber and data security policy, the implementation is usually haphazard with employees lacking proper training. Additionally, the threats evolve so quickly that most policies cannot usually keep up with them.
Dated physical infrastructure and old software can be a significant vulnerability. The financial cost of updating systems can be large but the cost of a breach has been increasing exponentially as well.
The human factor
The biggest single risk factor continues to be the human element. As per the PwC report, about half of all frauds were perpetrated by people inside the organisation. Cyber and data security is not only about protecting from outside attack but also protecting against privilege abuse and insider manipulation.
The internet of things
IoT refers to the billions of small connected devices that we see all around us such as internet routers, photocopiers, and even smart TVs. These are increasingly being targeted by malicious actors as they often do not receive security updates as frequently as computers and laptops. Any breaches are also harder to detect or isolate.
Bring your own device
BYOD is popular with employees and offers cost savings for companies, however, it puts heavy stress on the security infrastructure. It is harder to protect the system when there are thousands of diverse types of devices running different operating systems and security patches. About 70% of all companies believe that data breach is a significant risk with BYOD whilst about 50% are concerned about malware.
The issue of inadequate training comes up at almost every cyber security discussion. The challenge here is the rapid pace of technological advancement which means that training materials need to be refreshed on an ongoing basis and then disseminated.
No recovery plans
It is said that no battle plan survives first contact with the enemy. However, having a proper strategy for recovery, backup and damage control can ensure that the losses from a cyber-attack or data breach are not catastrophic. Whilst it costs more to have redundant systems that are not used 99.99% of the time, they can still prove their worth in the event of an emergency.
These are some of the most common vulnerabilities for companies which are facing increasingly sophisticated and damaging cyber-attacks. The first step for a company to counter this is to create a comprehensive cyber security policy that assesses the risk, mitigates it, monitors it and puts recovery mechanisms in place. We shall discuss the key elements of such a comprehensive cyber security policy in future articles.
Send Us Your Vacancy and one of our consultants will be in contact to discuss your requirements and how we may assist.
Our Renaix Guide to Governance, Risk, Compliance and Internal Controls provides information on trends in the industry.
Similar posts: How to Build Up Cybersecurity Policies and Contingency Plans to Protect Business Data and Information, Auditing a Company’s Cyber Defences, Third-Party Risk Management – The New Elephant in the Room.
On the hunt for your next role? Upload your CV below and we’ll be in touch to discuss your requirements.
For employers seeking the right skills and cultural fit for your business, send us your vacancy to find out more about how we can help.Submit CV Send Us Your Vacancy