The world’s transition to remote working and increased reliance on digital platforms pose numerous challenges for businesses, most notably heightened security risks.
As people spend more time online and access office networks from home or while on the move, an increasingly sophisticated cohort of criminals is looking to exploit the vulnerability created by this new operating model.
So how should businesses be dealing with cybersecurity? What are some of the current trends and future issues and what does success look like? These were the questions that were tackled during a recent Investec webinar.
Attack vectors have changed now that so many people are working remotely. The most prevalent attacks we’re witnessing globally across industries are cyber extortion attacks, in which criminals try to compromise data and install ransomware.
Unsurprisingly, cybersecurity has become a discussion at boardroom level across the globe. And South African companies remain a prolific target. Research by Comparitech ranked the country 31st out of 75 in terms of cybersecurity exposure.
As these threats continue to rise, customers and partners will require assurances from the businesses they engage with that their cybersecurity measures offer sufficient protection.
Trust remains the core component in business success. Customers need to trust that their data and their finances are safe and that systems are always available to operate and transact as more engagement happens online.
And in the burgeoning digital economy, a cybersecurity scorecard will become a vital measure to determine a company’s trustworthiness.
Cybersecurity scorecards use publicly available information collected from the internet to offer a holistic view of a company’s security capabilities and effectiveness.
From a business differentiation perspective, cybersecurity scorecards offer a visible representation of a business’s security measures. And if scorecards became mandatory, they would act as a tangible measure to rate and compare financial service providers such as banks.
While a few companies globally already produce cybersecurity scores, I believe that a standardised scoring system applied across industries would help make entire sectors more secure.
Speaking on the panel, Cisco technical solutions architect Greg Griessel said: “Irrespective of the industry and what other companies are doing, it is best to work according to some form of cybersecurity framework based on a universally accepted standard. That sets the baseline for what you do beyond that.”
I think it’s critically important that the banking sector takes the lead on this. At present, the industry tends to respond reactively to regulations and compliance.
However, an additional incentive, like the ability to attract and retain new customers, would accelerate the adoption of advanced cybersecurity solutions. This would benefit the industry and the customer, given the evolving risk landscape.
Experts predict that, even once the pandemic is over, cybercrime’s impact will only grow in magnitude as the world transitions to a digitised future amid the fourth industrial revolution.
According to cybercrime researcher Cybersecurity Ventures, global cybercrime costs will grow by 15% year-on-year to reach $10.5 trillion (R150 trillion) annually by 2025, up from $3 trillion in 2015.
We will increasingly see scripting-based automated attacks, while artificial intelligence and quantum computing attacks pose significant future threats and will change the game altogether.
Businesses will need to automate their defences to respond because you can’t manually defend against automated attacks.
While attacks with this level of sophistication are still some way off, businesses must start building quantum-resilient encryption today; cybersecurity scorecards could proactively advance this agenda.
Pioneering industry-wide cybersecurity scorecard adoption in Africa would also advance digital competencies on the continent and help local businesses compete in the global marketplace.
The opportunity for Africa is to learn from others and leapfrog more developed economies as companies sweat sunk investments in older technologies. Cloud-based solutions offer significant opportunities in this regard.
Young is the global chief information security officer for the Investec Group, where he crafts and executes the global security strategy and provides assurance to the various Investec boards and executives