Friday, 17 Jan 2020


Because of reputation and cost. When customers do not trust you to protect their data, or your systems have been disrupted because of a cyber-attack and transactions have gone awry, will they part with their dollars to you? 

    At the other end of the equation, there are companies who de-prioritise cyber-security as part of operational necessities, but is the risk of cyber-vulnerability worth the ‘price’ you pay post-cyber-attack?

    Data breaches and other cyber threats are a PR and financial disaster. Let’s examine this fully.

    Not too big to fail

    Some may remember the larger and headline-making incidences of cyber-security breaches – Sony Playstation’s network breach of 2011 where over 70 million users’ details were uncovered and leaked; the network was knocked offline for weeks. The company faced lawsuits from former employees on the accusation of Sony’s negligence and failure to protect personal data.

    In September 2018, British Airways became one of the most high-profile victims of cyber criminals when over half a million records of customer information were acquired by criminals after the airline’s system was hacked. 

    The incident took place after users of British Airways' website were diverted to a fraudulent site. Through this false site, details of about 500,000 customers were harvested by the attackers. This attack cost British Airways over £150 million in fines for their failure in preventing the data breach.

    The message is clear - if corporations and enterprises don't treat their customers' data with the utmost care, they should expect severe punishment when things go wrong, especially when laws such as the General Data Protection Regulation (GDPR), the biggest shake-up to data privacy in 20 years, came into force last year.

    Many within the cybersecurity community hope that these instances serve as reminders and wake-up calls for corporations and enterprises to beef up their defences against digital adversaries and have a Plan B for back-up capability.

    Here, we explore the full gamut of the issue concerning cybercrime, cyber-attack, cyber-security and why a digital defence system needs to be prioritised on your business agenda.

      Does the size of my business matter to cybercriminals?

      Yes, it does. Cyber criminals can and do target small and medium-sized business primarily because the amount of automation present in numerous processes in these businesses lays these companies vulnerable to cyber-attacks.

      Remarkably, an investigation by an American congressional small business committee found that over 70% of cyber-attacks happen to businesses employing less than 100 employees.

      What enterprise and business owners must remember is that as larger enterprises become better-equipped with costlier cyber defence systems, criminals tend to move down the food chain and target what is unfairly termed “the low-hanging fruit”, i.e. the SMEs.

      The situation has the potential to worsen, says one US-based cyber-security risk expert, as smaller companies cut back on security spending.

      Why your business is attractive to cybercriminals

      Experts agree on one fact: it is the data, not the size, which makes a business attractive to cyber thieves. 

      Especially, they highlight, if it is delicious data, such as swathes and drives full of financial data, customer contact information, credit card data, health data, or valuable intellectual property and trade secrets.

      Data breaches lay bare your trade secrets. Trade secrets are what help companies have that competitive edge over competitors especially in a market where goods and services are competing for customer dollars. 

      This is why corporations go to great lengths to protect trade secrets. A data breach exposes these documents containing either or both intellectual property or sensitive trade secrets to attackers who may profit from disseminating these secrets. Certain corporate information can be damaging to the corporation when made public.

      Erosion of trust and reputation

      What happens when there is the theft or exposure of customer details on public forums, online or on other platforms? 

      There is an erosion of trust between customer and corporation, and there is an erosion of reputation borne by the company.

      The bottom-line is that data breaches tarnish reputations.

      The Costs of Cybercrime and Forensics

      Cyber-attacks are not only undesirable but also complicated, firstly, as cybercriminals become more agile and sophisticated in knowledge and stealth, but also, digital forensics are often costly to commission and may turn up unsatisfactory results.

        Best practices and beefing up

        Businesses should formulate a cyber-defence policy that articulates security precautions for their employees. There are several lines of defence a business can put in place to avoid falling victim to cyber-attack:

        • Backing up data regularly 
          This ensures all your documents, electronic spreadsheets, databases, and files are properly backed up, because it is still possible to be breached despite the best precautions. Backing up data can apply to data stored on the cloud. 
          Celcom provides protection in the form of its Cloud Secure - Web Security solution for businesses, providing your business with protection from cyberthreats and cyberattacks. Powered by Secucloud, Celcom’s Cloud Secure works across Android, iOS and Windows devices, giving cloud-based security for mobile users, businesses and IoT devices. Business and enterprise owners and management teams can rest assured that their operations are secured in real-time with no impact on performance or speed, optimising operational efficiency.
        • Installing anti-malware software 
          This minimises the risk of malware when an employee unknowingly clicks on a link in a phishing email. According to reports, about a third of employees click on such links in these emails, later finding that malware has infected their computer. 
          Celcom Cloud Secure - Email Security is a hassle-free product that can add an extra layer of security for your business as it guards against harmful spam and data loss. The ease and simplicity of its zero-installation process, coupled with its compatibility across different operating systems makes it a smart choice, and it is also supported by 24/7 proactive, expert support.
        • Education and awareness
          Lastly, educating employees also goes a long way when enforcing best digital safety and security practices. Employees can be made to sign policy forms where they understand the implications of a breach in cyber-security actions. Enforcing quarterly passwords as well as multi-step authentication can also add an extra layer of prevention from cyber-threats.
          Remember that cyber-criminals are becoming smarter by the day, and so, a cyber-security plan needs to evolve and change -- be audited and updated regularly – in order for it to be absolutely effective.