I attended a webinar to explore cybersecurity in order to drive adaptability and resilience in businesses. I will share my takeaway from the webinar and provide you with 5 questions that can act as a quick self-assessment for companies to determine whether they are subject to cyber attacks.
Sachin Deodhar, the keynote speaker, shared his insights into the matter, starting with the current world state: the new normal, the pandemic and the political stage, which make us all interconnected. The work-from-home culture is on the rise. Phishing attacks are increasing, causing more vulnerability. Are we entering a bio-cyber warfare?
The change in the geopolitical landscape means there are new questions that are worth exploring: is the new presidency of the US going to lead to new collaboration worldwide? Are Brexit and the UK’s presence on the world stage going to change the way cyber-intelligence is conducted between the UK and EU, and the UK and APAC? There are different types of cyber attacks and different types of remedial actions that can be put in place. This is way too technical for me to understand in a granular way. I did, however, learn 5 key questions for self-assessment: a self-assessment that helps businesses assess whether they are potentially subject to (i.e. at risk of) cyber attacks.
Single points of failure, cyber-kinetic attacks, critical infrastructure failures and ransomware are different types of threats that companies are facing. Hacker organisations are becoming very sophisticated in the type of attacks they conduct. An example was given of an attack that took place on insurance companies. Why? Because when other financial and SME businesses were subject to cyber attacks and hackers demanded ransom, the insurance companies didn’t cover this type of damage. This meant that the hackers did not get the money they demanded. Result? Revenge from hackers and hence attacks on those insurance companies.
During the presentation, Sachin explained the first-level and second-level ransom that are applied by hackers. These 2 levels of ransom are created to double their opportunity to make money. They exclude some data from the data set and demand ransom, and then they will demand another sum of money to release the remaining data set – or they could sell the data to the competitors of the victim company.
‘This will not happen to me’ is the notion many companies and individuals have. So let us cover some of the questions for a self-assessment:
- How significant am I in the socio-economic and/or geopolitical environment?
- In my jurisdiction, am I constrained by any law and regulation to pay ransom?
- If I am allowed to pay, is there a limit I cannot exceed?
- What is the likely intent of the adversary? Do I store, process or exchange personally identifiable information (PII)?
- If my business is crippled by the attack, will the impact go beyond the immediate radius of the attack, i.e. will the wider supply chain and customer base be impacted?
If you answer yes to any of these, it means that you are on the hit list of cyber attacks.
For me, the interesting part of this webinar is that it gives this high-level, simple self-assessment for businesses to start their journey towards adaptability & resilience. This no longer applies to financial or medical businesses only. It is much wider. That is why companies adopt the KYC – Know Your Customer approach, and in some cases the KYCC – Know Your Customers’ Customer approach: a framework implemented to ensure businesses are fully aware of their supply chain and ensure they are not dealing with organisations that fall on a black list or a banned list of some jurisdictions.
Sachin then went on to explain that 90% of successful attacks on businesses are directly caused by phishing. Phishing is where hackers send malicious emails with links for employees to click on. This has now progressed further into a new approach called whaling, where they target the board and executive team of a company. These emails don’t only aim at the chiefs of the companies, but also at their executive assistants and their direct team.
All in all, Covid has certainly driven the entire world into a more digitised work environment. Businesses who were slow on the tech adoption journey have been forced to adopt and adapt quickly. This means that even more data is now available and more businesses can be subject to cyber attacks. To everyone out there, a message of caution and alertness is required when we interact with our digital tools so we can better support the experts in our businesses who do their best to keep any company’s ecosystem protected.