By the SMU Digital Marketing Team
As our lives move increasingly online and more businesses go digital, the need for robust cybersecurity measures has never been greater. Cyber criminals are becoming more sophisticated in their attacks, and a single breach can have devastating consequences for a company. As such, cybersecurity is not just an important issue in its own right, but also a critical part of any organisation’s overall risk management strategy. It is essential to have plans in place to protect networks and data from theft or damage, and to respond quickly if an attack occurs.
SMU Executive Development programme director and Cyber Security for Business and Risk Management faculty Dr Flocy Joseph reveals top cybersecurity risks businesses need to watch out for, and how business leaders can optimise their cyber defence capabilities to protect their organisation’s most critical information – and their own.
Risks in a digital economy
The proliferation of mobile devices, cloud computing, and the Internet of Things (IoTs) has created a new landscape of cyber risks. In particular, the shift to remote work and the increasing use of data storage and big data sets have made organisations and individuals more vulnerable to cyber-attacks.
SMU Executive Development Programme Director, Dr Flocy Joseph
As Dr Joseph explains, a recent report by McKinsey & Company highlights the growing scope of cyber threats and the need for organisations to take action to protect themselves. The report emphasises the importance of risk management, incident response planning, and security investment in order to mitigate the impact of cyber threats. As the number and sophistication of cyber-attacks continue to rise, it is essential that businesses and individuals take steps to protect themselves.
“With hackers using AI, machine learning, IoTs and complex algorithms, the kind of cyber-attacks have become more sophisticated when compared to the past,” adds Dr Joseph.
“Add to this a big gap in the fact that there are loopholes in the regulatory landscape, with major shortfall in talent possessing relevant domain knowledge on cyber security aspects.”
With the advent of digital transformation, many businesses have become increasingly reliant on technology to operate. This has led to a corresponding increase in the number of cyber-attacks, as criminals seek to take advantage of vulnerabilities in digital systems. Some industries are more susceptible to these attacks than others, due to their handling of sensitive information or an insufficient investment in upgrading and maintaining technology.
According to Dr Joseph, the six most vulnerable industries are small businesses; the healthcare and medical sector; banking, credit or financial firms; government and military organisations; educational institutions; and energy and utilities companies.
A security-first mindset
With the rise of sophisticated cybercriminal activities, businesses have to future proof themselves to stay well-protected. This means that off-the-shelf, generic antivirus software and firewalls have become obsolete, adds Dr Joseph, and businesses need to take proactive steps to beef up their defences. In addition, regular training for staff on how to spot scams, investing in cutting edge technology like artificial intelligence and machine learning powered solutions, and hiring dedicated cybersecurity personnel are other steps that can be taken to increase cyber security.
“In this ever-changing environment revolving around cyber security, businesses must invest in accelerating digital transformation and make the necessary choices to navigate how they can forecast for the next three to five years,” she cautions.
“The decision made today will impact the businesses in the years to come.”
With the ever-growing reliance on technology, it is essential for leaders to be trained to understand issues related to cyber risk, to make informed decisions about cybersecurity. For example, Dr Joseph suggests the use of event simulations as an important tool for organisations to prepare for and respond to actual cyber crises. By utilising trained professionals in simulated cyber events, businesses can ensure that they are prepared for the worst-case scenario.
As Dr Joseph elaborates: “Businesses must also set aside budget for training their employees on aspects related to cyber hygiene, and create mock exercises to see how prepared the employees are with respect to identifying a cyber threat or vulnerabilities.”
Moreover, poor cyber risk management decisions can have a crippling effect on an entire organisation. With the increasing interconnectedness of decisions and interactions between different mechanisms and departments prevalent in most organisations, it is essential that risk management strategies include all three pillars of cyber security – people, processes, and technologies. By taking a holistic approach to cyber security, businesses can more effectively protect themselves from the ever-evolving threats posed by hackers and cyber-criminals.
With greater innovation, comes increased complications
Data has always been a key driver of business decisions. Organisations can now steer their strategies based on analysing large amounts of data quickly and accurately to improve their bottom line, track trends and predict future demand for products or services.
“Data is the new oil,” says Dr Joseph.
“With multiple decisions that are made based on data, it is important for organisations to protect systems and networks to achieve data availability, integrity and confidentiality. It is therefore necessary to implement prevention control wrapped around sensitive information which in other words is data encryption.”
Beyond just being an essential element of digital currency, cryptography is a critical tool for protecting information in the digital age. It is used in various applications, from military communications to secure financial transactions. As Dr Joseph suggests, cryptography is both an art and a science, requiring a deep understanding of mathematics and logic.
“Data is the new oil.”
She notes: “While encryption will not solve all data-centric security issues, in the case of cyber security strategy, cryptography aims to serve as part of a control strategy to mitigate cyber threats, among many other applications.”
Unfortunately, hackers are always looking for new ways to exploit vulnerabilities in systems. This means that organisations must continually update their defences against cyber-attacks, and one of the best ways to do this is by learning from past incidents.
Dr Joseph cites the case of the 2017 ransomware attack on shipping giant Maersk, which affected computer systems in more than 150 countries, including that of companies such as FedEx and NHS hospitals in the UK. The Maersk cyber-attack caused massive disruption across the world. But as the company’s officials were transparent with updating stakeholders on what had transpired, it earned the goodwill of the rest of the business community.
“Hence an innovative mindset to deal with cybercrime and prevent such crimes are the need of the hour,” shares Dr Joseph.
“It is also important for those organisations who have experienced a cyber-attack to share openly with stakeholders on what happened, and the response mechanisms adopted.”
As businesses continue to grow their online presence and become more reliant on digital tools, the risk of cybercrime also grows. Cybersecurity risks can have a devastating impact on businesses, from data breaches that leak customer information to ransomware attacks that lock down company files. However, equipped with the latest knowledge and breakthrough cybersecurity innovation, business leaders can take the necessary steps to protect their organisations, strengthen resilience and stand out in a competitive digital economy.
Learn more about how you can grasp the latest capabilities to manage cyber threats and prepare for the challenges of tomorrow, with the SMU Executive Development Cyber Security for Business and Risk Management programme.