The internet has become the essential infrastructure for most businesses around the globe. But with increased connectivity comes unprecedented risk of fraud, theft and abuse.
The digitised world is growing at a phenomenal pace, transforming the economic, political and social landscape around the world. The falling costs of technology have fuelled rapid digitisation of developing economies in Africa and other regions, bringing huge benefits to disadvantaged people, including to those without bank accounts or access to electricity.
However, businesses and government organisations in Africa and other developing regions are often highly exposed to cyber attacks in which viruses are used to access valuable data, disrupt activities and blackmail those whose defences are inadequate.
A growing threat
The use of ransomware – malicious software that shuts down computer systems and then demands money to fix the problem – is a growing trend, as demonstrated by the recent Petya ransomware attack. This crippled firms initially in Ukraine, UK, Spain, Russia and India, with security experts expecting it to lead to even more widespread attacks in the future. This attack used a new ransomware variant, dubbed XData, believed to be spreading faster than WannaCry, which has already affected hundreds of thousands of businesses in more than 150 countries, including many in South Africa.
There is a common misconception that hackers only target large companies. On the contrary, most businesses affected by hackers are small. Many are ill-equipped to deal with these cyber security threats and rely on outdated protection strategies, leaving them highly vulnerable.
Personal blogs and company websites are popular targets for hackers looking for an opportunity to spread malicious software or steal information. Ransomware and malware are concepts that all businesses must familiarise themselves with, as incidents of cybercrime continue to increase and fundamentally change the threat landscape.
Guarding your business against cyber risk
Cyber security should be top of your management agenda as all companies have a responsibility to put measures in place to keep their employee and customer information secure. Formal processes need to be implemented in order to identify and prioritise cyber risks and to create mitigation strategies.
Companies need to shift from a mindset of ‘if we are hacked’to ‘when we are hacked’. The best-prepared companies are switching their cyber security strategies from focusing on outright prevention, to implementing techniques to quickly detect breaches and limit the damage once a breach has been confirmed.
The trick is to make sure you have layers between your systems. If your customer data is behind another wall, it’s safer. Make sure your most valuable information is hidden – even from your own employees.
Awareness and adherence to local rules and regulations in all areas of operation are also critical. The EU General Data Protection Regulation (GDPR), due to come into effect in 2018, requires every organisation operating in Europe to abide by a number of regulatory provisions. This also applies to companies offering goods or services to EU markets in a way that involves processing any European-owned data. Cyber challenges are global, and each region will have its own regulatory responses.
Above all, remember that senior management teams can’t do everything themselves. Businesses need to build security awareness into their culture by making it part of everyone’s role. Staff throughout the business should be given specific responsibilities and encouraged to speak up if they think something is wrong. If everyone thinks about security, they’ll ask the right questions.