The world is not what it used to be, COVID-19 showed us that the dreaded, unexpected, ‘could-never-happen-in-a-hundred-years loss events’ can happen, and that when it does, we are not prepared. Nor was anyone capable of accurately modelling how this will affect the world, how long it will last and how we will rise up to face the challenges.
Many businesses treat Information Security in the same way as they treat these once-in-a-hundred-years loss events. They ignore it, because they believe it will not happen to them. They think they are too small, that they don’t really have anything of value for cybercriminals, or that their outsourced IT-companies are responsible, and have it under control. Sound familiar to you? The reality is that Cybersecurity related events are much more real and can do much more damage than most companies realize, and many companies can never recover from certain Cyber-attacks.
Most business leaders and decision-makers have very vague ideas about Cyber and Information Security and believe they are covered by having firewalls and some very fancy, software that use AI and whatever the latest buzzwords are. The reality is much more complex, Cybersecurity is not something you can buy, it is a culture that is part of everything you do, it sounds complex and hard work, but it is actually very simple.
Cybersecurity risk is just like any other risk you may have in your business, every time a vehicle leaves the premises, there is a risk of theft or an accident (which may not be your fault) or a breakdown, most companies accept these risks, and mitigate them by taking out insurance. The problem with Cybersecurity is that most companies don’t even know their risk.
Do you know your Cyber risk? Do you know what can happen if you are hacked? What will it cost your company if it had to happen?
So can your company survive another lockdown? The answer is probably no! So would you still take the chance? Various publications and organizations that study cyber events have reported an increase in ransomware attacks in 2020, especially since the COVID-19 pandemic. Ransomware can affect any size business, from the likes of Garmin (they paid a reported 10 Million USD in August 2020) to South African Entities like City of Joburg (twice, first in July 2019 and then again in October 2019), Telkom allegedly in June 2020 and then the Life healthcare group, during the height of their preparations for the coming COVID-19 storm in early June 2020.
What do all these companies have in common? They use and rely on IT Systems and data that are exposed to the internet, you would think that they could prevent this from happening, but if it happened to them, who says it won’t happen to you? Ransomware is big business for criminals, and because they effectively lockdown your systems or Data, they know they can ransom the access back to you. This is just as devastating to a business as the real-world lockdown has been.
Besides the loss of your data or access to your systems, and paying a ransom, there are various other costs involved for companies, these costs can range from Hundreds of thousands of Rands to Millions, depending on the size of the company, the severity of the attack and the preparedness of the company to respond to such an event.
Like most risks, the cost-effective solution is to prevent the risk from happening and if you cannot prevent it entirely, to then mitigate the impact should the risk materialize. So, can you answer the following questions?
* Do you know your Cyber risk exposure?
* Are you 100 % confident that your IT team or outsourced IT has the basics in place?
* Should you have an incident, can you recover and can you afford the costs of such a recovery?
If you hesitated in answering any of these questions, you might want to revisit your companies approach to Cybersecurity? You would not drive a car without a dashboard; you would also not leave your business open, at night, without locking any doors? So why would you expose your company in the same way?
Being Cyber Secure is much more than just having a firewall, anti-virus, backs-ups and spam filters on your emails. Cybersecurity is having the right hardware and software, having the right skills to use them correctly, and having a plan for when they don’t work as intended.
ACDS, with vast experience and decades of combined know-how and technical knowledge, can assist you in determining if you are prepared and can survive a second lockdown. We will do a free, high-level security value check (also known as a vulnerability assessment) for your company, it only takes around 4 hours of your time, and then you will know what your company is doing right, and also where to start to ensure that you keep on doing it right.
ACDS offers full-service Information & Cybersecurity solutions that identifies, analyzes and detects a variety of cyber threats while helping you to better respond and recover from any unwanted intrusions in your business with real-time results. Our cybersecurity resilience services cover all avenues of potential breaches through the combined efforts of key Information & Cybersecurity principles and the deployment of ACDS’ rapid detection and response system.