Since the outbreak of Covid 19 and the resulting huge dependence on IT, both by businesses and individuals, cybercrime has sky-rocketed
According to research, UK businesses have lost over £6.2 million to cyber scams over the past year, with a 31 percent increase in the number of attacks during the height of the pandemic alone. And despite the gradual return to normality in terms of lockdown easing, the problem is escalating. Cybercrime Ventures anticipates that cybercrime will cost the global economy as much as $10.5 trillion by 2025 and the World Economic Forum lists cybercrime as the fourth largest global risk in 2021 (after extreme weather events, livelihood crises, and infectious diseases). To put it into perspective, businesses are reportedly 15 times more likely to have a cyber incident compared to a fire or theft. So how can enterprises go about protecting their data assets from cyber criminals and bad actors? Here are 5 key steps that Rasmus Holst, Chief Revenue Officer at Wire advises all enterprises to consider:
Adopt a Zero Trust approach
Zero Trust is a dynamic and hyper-vigilant security model that employs continuous monitoring and improvement to systems as a proactive defense against cyberthreats. The Zero Trust approach works on the principle that an organisation should not automatically trust anyone or anything inside or outside its perimeters. Platforms that run on the zero trust framework assume that all data, devices, apps and users both inside or outside of the corporate network are inherently insecure and, therefore, must be authenticated/verified before being granted access. Adopting a Zero Trust approach, entails leveraging stringent protocols and technologies such as multi-factor authentication, end-to-end encryption, identity access management, orchestration, and other comprehensive system permissions and safeguards. Rather than lowering cybersecurity safeguards within an internal network, Zero Trust ensures that anything inside or outside a corporate network (including data, devices, systems and users) is always treated with stringent security measures.
Provide clear company policies around use of tools
Research has continued to reveal that the majority of successful cyberattacks begin with a phishing email, often arising from “open” email systems, such as Gmail, where messages are able to be sent and received from anyone. This type of open email system provides an environment where those who are not trained on how to identify the warning signs of a scam (or people who are trained but are moving too quickly to pay proper attention) become easy targets for bad actors. As email is a ubiquitous practice in daily business operations, it is essential to establish concrete guidelines around which communication tools are appropriate for sensitive conversations. Conversations that include references to company IP, customer data, or other types of sensitive information should be reserved for trusted security channels and must be kept off platforms that are susceptible to known security and privacy flaws.
Invest in cybersecurity training
Enforcing cybersecurity training is a necessary procedure to help spearhead cybersecurity awareness across an organization. It is unwise to assume that cybersecurity practices are common knowledge to your employees. According to a survey from software company LoopUp, 70% of business professionals said it was normal to discuss company confidential information on calls, despite the fact that many popular solutions do not offer end-to-end encryption by default. In a fast-paced world where immediacy and ease is highly valued, building a true culture of security means taking the time to thoroughly educate employees on the importance of cybersecurity. Cybersecurity training should include, but not be limited to, educating employees on the weak points of cybersecurity, alerting them to the critical business and legal risks of a breach, providing teams with the right tools for sharing and discussing confidential information, and training everyone in proper protocol to defend against attacks (and recover in the event of a breach).
Update your tech stack
Chief security officers and IT leaders must not overlook the importance of re-evaluating and updating their tech stack on an ongoing basis. Ensuring that security technology is up to date on correct security protocols and protections is especially important, in today’s world of hybrid working, because remote workers (and therefore your company’s digital assets) are more vulnerable to cybercriminals, while operating outside of traditional perimeter-based security protections. Consider shifting all critical communications — where sensitive data and information is shared — to a secure environment that offers end-to-end encryption and is invitation-only.
Prepare your teams for the worst
Even organizations that do their due diligence to educate employees and utilize secure platforms and systems can still fall victim to cyber attacks. Therefore, it’s important to understand how the business will react in the event of an incident, and to develop a plan for action to be prepared for it. When developing these procedures, some key questions to ask yourself can be: how will business continuity be guaranteed if corporate networks or systems are compromised? What are the roles and responsibilities of key stakeholders in a crisis event? How will we secure the internal communications function? At the end of the day, effective management and response to a crisis is just as critical as proactive measures and can be a key factor in minimizing damage.
About the Author
Rasmus Holst is the chief revenue officer of Wire, an open source, end-to-end encrypted collaboration platform. Throughout his career, Rasmus has delivered growth, exits, restructuring, strategic direction and customer retention across start-ups and established multi-million-dollar businesses. He joins Wire from Huddle, where he served as the company’s Chief Operating Officer. Rasmus has served in senior leadership roles at Syniverse, Oracle, Intec, Digiquant, and Nokia.
Featured image: ©Santiago Silver
5 High-Scale Threat Monitoring Mistakes to Avoid Making
Cyber Security can be a Pillar of any Corporate Post-Pandemic Agenda, but are the CISOs ready for it?
How to Reduce Your Attack Surface in Six Steps
Technology at Work
Sign up for our newsletter