By Ni?o Valmonte
It was only a few months ago when the WannaCry ransomware infected millions of devices around the world. It crippled organizations by taking control of computer systems, holding data, and blocking access to it until a payment is made.
WannaCry is an example of ransomware, a nasty cyberattack that can halt an institution?s critical operations (such as those in hospitals, schools, banks, and government agencies), create reputational harm, and result to economic losses due to the damage or destruction of data, lowered productivity, and post-attack rehabilitation of computer systems.
While it didn?t take long for authorities to discover the kill switch of this ransomware, our battle against this, and other lurking cyber threats are far from over. In fact, shortly after, another massive ransomware attack called Petya rippled across the globe.
Recently, the International Telecommunication Union (ITU) published the Global Cybersecurity Index (GCI) 2017 which measures the member states? commitment to cybersecurity. According to the report, only about 38 percent have a published cybersecurity strategy, while 12 percent are currently in the process of developing one.
This is particularly troubling because according to a recent report by Cybersecurity Ventures, a leading researcher and publisher about the global cyber economy, cybercrime is expected to cost more than $6 trillion by 2021 globally. With high estimates for the number of Internet of Things (IoT) devices in the next years, this amount may even grow bigger.
That said, we strongly urge organizations to make cybersecurity a priority. Here?s what you can do to protect your data against cyberattacks:
- Involve C-level management
Now is the time for top executives to discuss cybersecurity on the boardroom table. Talk about the worst-case scenario if a cyberattack takes place, how prepared your company is to face a cyber threat, and what can be done to prevent it from happening or minimize the damage at the very least.
Decision makers with a background in digital security and risk management, as well as the company?s information security professionals, should explain and encourage the need to plan out and execute cybersecurity strategies.
Having a cybersecurity policy that lists down the company?s roadmap and execution plan would go a long way.
While some may argue that cybersecurity is too costly to be implemented, imagine how much your company stands to lose with one major attack. Some companies have reported incurring damage in the millions.
- Educate employees about the value of cybersecurity
Aside from implementing a cybersecurity policy, Information technology professionals should talk to employees about safe online habits — the need to take extra precautions when clicking links, opening email messages, and surfing the web, taking every warning box that appears on the PC monitor seriously, and understanding that every new piece of software comes with its own set of security vulnerabilities.
There?s also a need to draw the line on what Internet practices are prohibited within the office and its network.
- Strengthen IT operations
And finally, the business? IT team must be assertive in protecting the company against cyberattacks. IT professionals must keep data safe by turning to robust encryption tools, regularly updating applications, and to prevent internal compromises, ensuring the physical security of servers (e.g. data center or cloud hosting).
Upgrading all systems is a great first step to protect the business. WannaCry was able to infect millions of computers by taking advantage of the old Windows 7 operating system, which is still the most popular operating system in the world.
Staying with outdated programs is dangerous since most of them receive little to no support anymore. By keeping up to date with the latest developments, you can fend off the newest cyberattacks hounding businesses.
Now that digital is the new normal, every organization needs to embrace cybersecurity as part of the company culture. No one person can do the job alone. Implementing effective cyber defenses entails the commitment of everyone in the company.
The author is the director for marketing and digital innovation at IP Converge
