Preventing Cyber-Attacks to Embrace New Technologies

By Johari Jalaludin, CISM, CISSP, P.TECH, Prince2 (Head Of Cyber Security, Drb-Hicom [MYX: 1619])

Johari Jalaludin, CISM, CISSP, P.TECH, Prince2 (Head Of Cyber Security, Drb-Hicom [MYX: 1619])

IT infrastructures in businesses are beginning to shift from physical to cyber control interconnecting with public data networks such as smart devices, internet of things (IoT) and cloud-based system. These new systems provide a unique platform for businesses to serve their customers and clients efficiently and effectively. The new technologies have transformed the way an organization performs its businesses. To be relevant, businesses need to be online and be innovative to serve its customers better. While embarking in these new technologies, businesses face major cybersecurity threats such as sensitive customer and employee’s data are stored in the cloud and indirectly exposed to the public.

A successful cyberattack can cause major impact to businesses. The effect of a security breach can be broadly divided into three categories which are financial, reputational and legal.

The first impact of a cyber-attack is a result of a substantial financial loss to a business. It usually transpires from the theft of corporate information, financial information or money.

The second type of damage from a cyber-attack is a reputational risk to a business. Trust is an essential element of the customer relationship. Cyber-attacks can damage the business' reputation and erode the trust of customers or clients. This, in turn, could potentially lead to the loss of valuable customers, sales, and reduction in profits of a business.

The third impact of a cyber-attack is when a business faces legal consequences due to data breaches. If any customer or employee’s data is accidentally or deliberately compromised and the business has failed to deploy appropriate security measures, it may face legal suit or fines which could sway its profits and reputation.

Spear phishing is the current and common threat which is used to attack most of the companies, especially in Malaysia. The objective of spear phishing is where an email is carefully designed to get a single recipient to respond and to typically entice users to click on a malicious link or attachment. It includes a link to a login page where the attacker will harvest the credentials of a user to perform malicious activities such as obtaining sensitive information.

To combat these cyber-attacks, businesses must ensure all their employees are aware of cybersecurity threats. They should be wary of unsolicited emails, particularly those that ask for a prompt response and be suspicious of unexpected emails request. Periodic awareness training must be performed across all departments to ensure all employees are aware of the latest cyber-attacks that could impact the business.

A comprehensive cybersecurity policy and procedures must be developed and implemented across all business functions. For example, if an employee resigns the business must ensure all their access to systems must be deactivated.

To protect data leakage, businesses may consider limiting the access of employees to systems or files. Least privilege access must be applied to all IT systems. Employees must be only given access based on their job roles. Another way to protect data leakage is to control the use of portable storage devices, such as USB memory keys, portable hard drives and media players.

Business must also invest and install reliable anti-virus and malware protection software. Besides that, organizations must ensure all applications are patched to its latest software versions , and a series of well-managed data back-up must be implemented in order to restore and recover the data in the event where incidents occur.

In conclusion, having a robust cybersecurity posture could help businesses win customer loyalty, protect reputations and attract new prospects. Besides that, it will enhance the company’s reputation. This can also lead to new potential clients and turn them into actual clients.

Enterprises that have implemented strong cybersecurity posture excel in having a true competitive advantage from their competitors. They excel in embarking in new technologies to perform their business. This agility makes them more productive and drives enhanced financial performance. This also allows businesses to differentiate their brands, product or services by conveying a strong perception of customer trust.