Cyber attacks 2nd biggest risk to business – 12/06/2019
In a recent survey conducted by Allianz Global Corporate & Specialty (AGCS), based on insight from more than 2400 risk management experts in over 80 countries, cyber Incidents ranked as the second biggest business risk internationally. This was only surpassed by business interruptions like supply chain disruption and service outages. Cyber incidents ranked above concerns such as natural catastrophes, changes in legislation and regulation, and even fire and explosions. Over the past 5 years, cyber incident risk went from a ranking of fifth in 2015 to third in 2016 and 2017 and then to second in 2018.
Schematic of world’s largest data breaches between 2017 and 2019.
Cyber incidents such as privacy breaches, DDOS (Distributed Denial of service) and ransomware encryption attacks can cause business interruptions, loss of reputation, liability claims (from other businesses and people) and extensive financial loss. According to AGCS, the average insured loss over the past 5 years from a cyber incident is now in excess of R33.6M ($2.3M). Such claims of this nature revolve around mega-data breaches like the recent cases of Marriott Hotels (380 million records), Uber (57 million records) and Facebook (50 million records). The cost of the Marriott breach was estimated at exceeding R2.9bn ($200M) according to AIR Worldwide. As cyber criminals become more pervasive and threats evolve, the risks and costs to businesses are sure to increase. For small to mid-sized (SME) businesses, these incidents can be terminal.
Marriot International suffered a massive drop in share price after the announcement of the breach on 30 November 2018 and a similar effect was experienced by Liberty Holdings after their breach announcement on 15 June 2018.
I 2019 we are witnessing cyber criminals turning away from large, well-funded organisations to start targeting SMEs. The simple truth behind this change is that it’s just easier. SMEs have less staff, lower grade infrastructure (network hardware, workstations, servers etc.), smaller budgets, limited to no IT departments, and in most cases little cyber security expertise compared to the larger corporates. Fortunately, there are numerous cyber security offerings available to protect organisations against external as well as internal threats. These security offerings can be customized to best suit a businesses’ needs and as the saying goes, ‘one size does not fit all’.
The following are some of the options available to protect organisations:
- Endpoint security (Antivirus) – scans files on access and protects against traditional virus and malware threats
- Email Threat Scanning – scan emails before delivery
- Patch Management – reduce chances of vulnerability breaches
- Regular Backups – onsite & offsite backup for redundancy purposes
- Vulnerability Scanning – scan for security weaknesses in IT infrastructure
- Network Monitoring – real-time network activity monitoring
- Staff Training – raise awareness and reduce chances of a social engineering attack
- Managed Security as a Service (SECaaS) – external managed protection services by cyber security professionals
- Managed Infrastructure as a Service (IaaS) – hosted infrastructure (servers, remote desktops, etc.)
- Software as a Service (SaaS) – MS Office 365, Maximizer, Dropbox, etc
Most companies already have some of the above-mentioned solutions incorporated into their annual operational budget, which means they don’t have far to go to implement a more complete protection plan. A minimum of five of the above points should be met to have peace of mind. The cyber world is ever-evolving and businesses should have the tools readily available to cope with the changing tide and to avoid getting caught with outdated cyber security practices.