Article

Staying on top of cyber threats

By increasing your understanding of the top cyber threats facing your company, by constantly monitoring and assessing your cyber risks and engaging in regular training, you can help decrease the chance your company will be sidelined by a cyberattack.

Across the globe, cybercrime is becoming ubiquitous. What’s more, businesses are operating in a world in which 95% of cybersecurity issues can be traced to human error.

Staying up to date with the evolving threat landscape is essential for both preventing cyberattacks and maintaining resilience, especially with the increase in the number of employees working remotely.

Cyberattacks can have significant impacts on organizations in key areas, including:

  • Financial: Cyberattacks generally enact a financial cost on targeted organizations. In some cases, it may be through a ransom demand, in others intellectual property may be stolen, while in yet others the ability to conduct business may be compromised. Additionally, there are often legal, public relations, repair and recovery, IT investigation, and other costs.
  • Operational: A cyberattack can often lead to business interruption — such as preventing customers or clients from accessing products and services — and a resulting loss of profit. Increasingly cyber threat actors can cause operational outages, such as attacks on manufacturing facilities and infrastructure.
  • Reputational: Depending on the scale of the incident, organization type, and jurisdiction, an attack may require the notification of customers and/or vendors whose privacy has been breached. Whether due to such notifications or an inability to provide services, reputational damage, such as loss of trust, is often difficult to repair.

Top cyber threats in the Middle East and Africa

Ransomware: According to a recent survey from Marsh and Microsoft, 33% of MEA respondents consider ransomware their top cyber threat. Ransomware is a type of malware that uses encryption to prevent users from accessing their system until a ransom is paid.

Many organizations, both globally and in the MEA region, feel that they are inadequately prepared to combat this threat. In fact, ransomware has become so pervasive that ransomware-as-a-service (RaaS) is sold to would be cyber attackers, much the same way software-as-a-service (SaaS) is legitimately sold. RaaS enables attackers who may lack the time or skill to develop their own ransomware to infect organizations with ease. 

As 62% of MEA respondents believe that a lack of assessment of their vulnerabilities to ransomware contributes to attacks, it is crucial for companies to take steps to better prepare themselves.

Social engineering: Home and remote work, which generally increased during the COVID-19 pandemic, is considered by 71% of MEA respondents to put their organization most at risk of a cyberattack, as it may lead to increased phishing and social engineering attacks. By using disguised emails that seem to come from a reputable source, attackers can trick recipients into downloading malware — such as ransomware — or giving up important information, including login credentials, financial information, or company data.

Ultimately, successful phishing or social engineering attempts can lead to privacy breaches, business interruption, and financial losses. Phishing is often successful due to insufficient employee training and awareness.

Third-party vulnerabilities: Data breaches may also come from compromised third-party vendors and suppliers. It is critical for companies to assess the full scope of their third-party relationships and take effective cybersecurity measures to mitigate the risks.

Strengthen your security

Preventing cyberattacks and maintaining resilience requires enterprise-wide participation, as every employee is a link in your security chain. Employees should be aware of measures such as the 12 key cyber controls, which many underwriters look for as signs of effective cyber risk management.

To help increase cyber resilience, department leaders, including those in risk and insurance, finance, and IT and cybersecurity can take steps including:

  • Regularly monitor, review, and share threat assessment updates from inside and outside the organization.
  • Maintain a cyber incident response plan that is reviewed and tested annually.
  • Engage in training exercises to help all stakeholders understand each other’s roles and responsibilities in the event of an incident.
  • Create multiple backups and store them on separate devices in different locations.
  • Test backups regularly to enable IT teams to understand the complexity of the restoration process.
  • Conduct annual internal phishing campaigns.

C-suite executives can takes steps including:

  • Receive regular threat updates to bolster understanding of such risks as RaaS.
  • Ask questions and provide guidance on the links between cyber risk and organizational growth strategy.
  • Approve a response strategy that includes scenarios in which ransom will or will not be paid.
  • Participate in annual cyber incident response plan testing.

Unawareness of your organization’s cyber risks increases the chances of it and your employees falling prey to specific attacks. By increasing your understanding of the top cyber threats facing your company, by constantly monitoring and assessing your cyber risks and engaging in regular training, you can help decrease the chance your company will be sidelined by a cyberattack.

You can speak to a cyber expert by contacting us here.