Cybersecurity: What you need to know

As Cybersecurity Awareness month concludes, you may be asking yourself ‘Why should I be concerned about cybersecurity?‘

Simply put, cyber crime is a growing threat to our economy. Make no mistake about it, almost everybody owns something of value to a cyber criminal. Customer data just waiting to be mined, credit card details to steal, money, passwords, personal information… the list is long. With figures for cyber crime rising each year, it’s now more important than ever to understand what you can do to protect yourself and your business. In order to do that, you need to effectively leverage cybersecurity.

What is cybersecurity?

Cybersecurity is a way of protecting your computers, networks and programs and the data they hold from attack, loss or damage. While this is a simplistic explanation, cybersecurity is a huge field, and consists of many different threats and solutions, from managing passwords and installing antivirus software, to dealing with national incidents and educating staff.

According to the UK’s Action Fraud, online fraud and cyber crime cost the UK economy nearly £11 billion in the year 2015/16. Similarly, cyber crimes cost the South African economy R35 billion in 2015. And it’s not just the cost of the crime itself you have to worry about. Failure to adhere to data protection guidelines can be extremely costly. Organisations that don’t implement adequate cyber safety measures could be subject to significant fines. This will be apparent with the introduction of the new General Data Protection Regulation (GDPR) in the EU from May 2018 and the pending South African POPI Act.

Not having adequate protection from cyber threats can be a costly mistake to make.

Here’s what you need to know…

Since the 1990s, the image of the hacker has permeated popular culture. Sitting in a darkened room, clicking away at a glowing keyboard, screen filled with green text and acronym-filled instant messages, the hacker engages in online duels with cybersecurity experts who are rendered powerless to stop him. No password, online security measure, or firewall can prevent his attack. These depictions aren’t very true to reality, but to most of us who don’t work in the IT or security fields they sometimes feel like the closest thing we’ll get to understanding cyber criminals.

Even if you work for one of the 50% of SMEs who reported having been targeted by cyber crime in the last year, chances are you will remain somewhat in the dark about how cyber criminals work and, most worryingly, how to protect yourself from future threats.

One recent and well-publicised example of inadequate cybersecurity measures is the global WannaCry attack from earlier this year, in which hackers were able to access huge amounts of data and attempted to hold it to ransom.

https://krebsonsecurity.com/tag/wanna-cry-ransomware/ A map tracking the global spread of the Wana ransomware strain. Image: Malwaretech.com

You’ve probably heard mention of DDoS attacks, cyber terrorism, phishing, and other technical terms and may not know what these all mean. However, you don’t need to be an expert to protect yourself. The vast majority of cyber crime committed globally is relatively simple and easy to prevent with some basic security measures.

You might be asking yourself: Why am I at risk? Who’s going to target me?

Cyber criminals decide on who to target just like any other criminal, they either target the big prize, or the most vulnerable. An unlocked car is an easy target for a thief, and a small business with no cyber protection is similarly enticing to an online scammer.

Cybersecurity, just like health and safety or compliance plans, is all about risk management. What if your business were to fall prey to a cyber attack… Are you prepared? Would you recognise a scam? Is your data secure?

How do I protect myself and my organisation from cyber crime?

We’ve all heard the saying: “by failing to prepare, you are preparing to fail.”

Cyber crime is often a result of a failure to prepare. We all think that we are not at risk, that cyber criminals only target large corporations or government institutions. The rapid growth of cyber crime, and the easy access criminals now have to carry it out, means more people than ever are a target.

Unfortunately, appropriate cybersecurity is an ever-changing goal. Technology moves fast. New, creative methods of cyber crime means online security measures must be frequently updated. This is especially true for smaller businesses with no dedicated IT department, cybersecurity can sometimes seem like a minefield.

The team at GoldPhish focus on educating employees company wide with web-based training. Our dynamic CybACADEMY platform adapts with the on-going changes to cybersecurity, ensuring modules are always relevant. A workforce aware of the risk, and more equipped to recognise weaknesses in cybersecurity, will better protect your organisation. Cybersecurity must be accessible. It must be maintained by everyone who works on your network.

Our future blog posts will cover necessary controls and simple steps everyone can take to become cyber aware. For now, if you have any questions or comments, please post below!