Cybersecurity Remains an Afterthought
Effectively embedding digital initiatives in your organization's strategy and strategic planning is challenging in its own right, as is driving your digital transformation. It is often an exciting and equally challenging journey, and more often than not seemingly less important items fall by the wayside, one of which is cybersecurity. As you embark on this exciting journey, the last thing you want to be doing is dealing with distant threats such as security, right? Yet a nagging voice in your head wonders, “Are these security threats so distant?”
While we have observed this repeatedly in our client engagements, we would argue that these threats are as real and potentially just as impactful as a failing digital initiative. Not convinced? Let us review some facts.
Malwarebytes’ report “Cybercrime Tactics and Techniques Q1 2019” shows a rise of over 500% in ransomware attacks in Q1/2018 alone and an increase in Trojans of over 600% in the same period. These are stunning numbers that no one can ignore. And the trend is continuing, which is part of the reason why legislators are starting to force critical infrastructure providers to take this threat seriously. A good recent example is the EU NIS Directive, which requires member states to have a Computer Emergency Response Team that also coordinates at an EU level, and which sets mandatory measures that must be taken by critical infrastructure providers such as telecom operators, banks, healthcare institutions, etc. This is just one indication that things are serious. A recent article published by the Swiss “Neue Zürcher Zeitung” made the statistics of companies affected and associated losses very real by describing the case of a Swiss SME affected by ransomware and how the company just barely managed to survive what started as a seemingly harmless hiccup in one of its IT systems.
Make no mistake: ransomware is a booming business, and its operators work in a very innovative, brutal and commercial manner. The level of sophistication that some of the operators are exhibiting is impressive. Gone are the times of emails that are obviously spam. Attackers increasingly research your organization and target it with seemingly plausible communication, and all it takes is for one of the employees to slip up.
So what can you as an SME do about this, you may ask? A lot! For starters, start taking this threat seriously and ensure that you have measures in place to protect yourself and to deal with a possible “worst case scenario”. Being prepared is half the work. Second, ensure your team is trained, not just once but regularly, and understands the importance, the threat and how to recognize and report potential issues quickly. Finally, as exciting as your digital initiatives are, never leave cybersecurity and data privacy by the wayside. They are not an afterthought, but an integral part of your strategy execution and digital transformation.
With these measures in place, you can hopefully sleep well at night.
The Directive on security of network and information systems (NIS Directive)
Wie ein Schweizer KMU ohne Lösegeld, dafür mit Militärtaktik einen Hackerangriff überlebt hat (German)
Why the European Union Network Information Security (NIS) Directive should be on your Radar (English)