To understand cyber security, it is important to first understand cyber risk – the business cyber security threats that can lead to business disruption, loss of data, action from regulators, and ultimately financial and reputational damage.
Cyber security threats in 2022
The cyber risks facing businesses do not stand still, because hackers are constantly working to find more sophisticated ways to evade business cyber security measures. That is why having a clear view of the threats that could impact a business is so important – without that knowledge, how can any business hope to defend against them?
The truth is that the cyber security risks facing businesses of all shapes and sizes are many and varied, but the top cyber risks are:
- Phishing: Phishing is a type of social engineering attack in which cyber criminals trick employees into handing over sensitive information or installing malware, usually via email but increasingly via platforms like Zoom.
- Remote working attacks: The rise of remote working in 2020 may have helped firms to continue operating during COVID-19 lockdowns, but it also opened up new possibilities for cybercriminals. They have targeted weak passwords on remote access solutions like virtual private networks (VPNs) as well as less secure computers used by home workers to access business systems.
- Cloud computing attacks: The pandemic also drove an explosion in the use of cloud-based IT systems and tools, but rapid adoption left holes in cloud cyber security which cybercriminals were quick to exploit.
- Ransomware: It is believed that ransomware claims a new victim every ten seconds worldwide on average, and the cost of those attacks rose to around $20 billion in 2021.
- Mobile phone attacks: In recent research, almost half (46%) of companies reported that at least one employee had installed a malicious application on a mobile used for work – potentially giving hackers access to business networks and data.
On top of all that, cyberattacks against businesses are becoming more common. In 2021, almost 75% of organizations experienced at least one cyberattack. In fact, around one in six of the firms affected said the incident threatened the survival of the business.
What is cyber security all about?
Given the range of cyber security threats facing businesses, and the potential consequences when things go wrong, defending against these threats is clearly very important – and that is where cyber security comes in.
In essence, cyber security is a body of technologies, processes, policies and practices designed to protect business computer networks, devices, software and data from attack, damage, or unauthorised access.
Detailed guidance on cyber security is available from national regulators such as the UAE’s National Electronic Security Authority (NESA), but alongside that, it is worth arming yourself with some key information by asking some searching questions of your IT team.
Cyber security questions to consider
These days, it is crucial that business leaders are informed about and involved in cyber security – not just the IT experts. With that in mind, here are some of the key questions to consider as part of cyber security planning:
- What are the top cyber security risks facing our organization?
- Are we testing our systems before there’s a problem?
- Are we conducting comprehensive and regular cyber security risk assessments?
- Do we have an effective information security awareness programme for all employees, third parties working with us or any contractors?
- If we suffer a data breach, what is our response plan?
- Are we complying with leading information security standards such as the United Arab Emirates’ National Cybersecurity strategy?
- Do we have the right tools in place to detect a cyberattack quickly?
- Are supplier and supply chain risks part of our risk assessments?
- When was the last time we tested our cyber incident response plan?
Common cyber security mistakes
Alongside the insight you will gain from those questions, it is also crucial to understand and avoid some of the cyber security mistakes that can undo efforts to defend against cyberattacks.
Five common mistakes are:
- Assuming that your business will not be a target: Every company is vulnerable to cyberattack, so engage with the issue and defend against the hackers. Take an “in-breach” mindset – think like an attacker.
- Isolating cyber security as an IT-only issue: Often cybersecurity is seen as an “IT problem”. The tone at the top from Senior Management is key for combating cyber risks/threats.
- Underestimating the cost of cyberattacks: As noted above, one in six firms affected by a cyberattack reported that the incident had been a threat to business survival.
- Failing to update security software: Security software is constantly updated to ensure it can deal with new, known threats, so failing to install patches and updates is akin to leaving the door open to hackers.
- Not educating employees about security: According to The Global Risks Report for 2022, as many as 95% of cyber security breaches are caused by human error. Security is only as strong as its weakest link, so ensuring that employees are aware of the risks is crucial to cyber security.
Key actions for organizations to take
- Evaluate your business’ cyber awareness: Review your cybersecurity policies, processes and communication procedures to ensure that your employees are aware of potential cyber risks and how to manage incidents if they occur.
- Assess your cybersecurity: What systems or software do you have in place to adequately protect your business from an attack? Consult with your internal IT expert or seek the advice of an external consultant or company to make sure you have the necessary security measures in place.
- Consider cyber insurance as an added layer of defense: Cyber insurance can help deal with the impact of a cyberattack by covering costs and liabilities around data security, viruses, hacking, system damage, business interruption, threats and extortion.