Protect your business today

Boosting cybersecurity against data breaches and other cyber threats is not an option in the post-pandemic era

The federal enterprise depends on information technology (IT) systems and computer networks for essential operations. These systems face large and diverse cyber threats ranging from unsophisticated hackers to technically competent intruders using state-of-the-art intrusion techniques. Many malicious attacks are designed to steal information and disrupt, deny access to, degrade, or destroy critical information systems.

Cities across the globe want to become more intelligent — ‘Smart City’ is the catchphrase. It represents a vision of urban space in which millions of interconnected devices and sensors use data analytics and intelligent controls to improve the quality of life for everyone. This concept is already taking shape with the exponential growth of the Internet of Things (IoT), accelerating mobile and broadband networks and rapid progress in machine learning and artificial intelligence. However, each new IoT device, server or data transmission increases the risk of cybercriminals finding and misusing gateways to steal or sabotage.

Cybersecurity spending

Worldwide cybersecurity spending will reach $133.7 billion by 2022, according to a Gartner Inc. Post meeting with US President Joe Biden, Google and Microsoft promised to invest a total of $30 billion on cybersecurity over the next five years. Google and Microsoft pledged $10 billion and $20 billion respectively. More sophisticated cyber attacks are forcing organisations to invest heavily in data breach prevention. Half of the large enterprises spend $1 million or more annually on security. The benefits far outweigh the costs.

Why investment is needed

Data breaches exposed 4.1 billion records in the first half of 2019. Seventy-one per cent of these attacks were financially motivated, and 25 per cent related to espionage. There’s also been a 67 per cent increase in breaches since 2014. On average, hackers attack 2,244 times a day, or once every 39 seconds. Sixty-eight per cent of business leaders believe their cybersecurity risks are increasing.

In 2020, just over half of all data breaches involved hacking. Other common forms of data breaches included malware, phishing, and social engineering.

There are several causes of cybercrime including weak or stolen usernames or passwords, application vulnerabilities, poor access control and insider threats.

Cybercrime strategies

Some common hacker strategies like Denial-of-Service and Distributed-Denial-of-Service (DDoS) attacks, zero-day exploits and Man-in-the-Middle (MitM) attacks use system vulnerabilities in overwhelmed networks, two-party transactions, and issues waiting to be patched to infiltrate and damage networks.

Another popular method involves malware software that penetrates a system and disrupts key networks. Phishing uses end-user deception, such as fraudulent communication. Other strategies rely on programming or coding disruption, such as SQL injection or DNS tunnelling.

Tips to prevent cyberattacks for individuals

Update devices to address security vulnerabilities, and back up data regularly to protect against ransomware. Never click on suspicious links when browsing the web. Always create new passwords for online accounts and do not recycle old ones. Use two-factor authentication whenever offered. A lawful Virtual Private Network (VPN) can allow individuals access to their home networks and limit their internet service provider’s ability to track internet activity. Finally, individuals should never use public Wi-Fi without protection.

For organisations

An organisation should identify and implement cybersecurity, information security and data privacy regulations and standards like Abu Dhabi Healthcare Information and Cyber Security (ADHICS), Dubai International Financial Centre (DIFC) and Abu Dhabi Global Market (ADGM) data protection law, Dubai Healthcare City (DHCC) data protection standard, UAE federal law, EU General Data Protection Regulation (GDPR), and others. Organisations should evaluate their cyber risk at regular intervals. They should train employees in basic security principles such as building strong passwords and establishing internet use guidelines with penalties for violating cybersecurity policies. They should also install an antivirus software set to scan devices after each update. Additionally, organisations should have firewalls to prevent outsiders from accessing their data. Security rules for mobile devices such as requiring employees to password-protect their devices are another way to fight cybercrime. Companies can also control physical access to digital devices like laptops, allowing only trusted and key personnel to have administrative privilege. Organisations must follow best safe practices for processing payments. They should require employees to change passwords regularly.

Help is at hand

MBG’s cybersecurity and GRC services ensure security, compliance with data protection and privacy regulations and strong organisational cyber controls.

Get in touch with us today to know more:

Email: uae@mbgcorp.com

Whatsapp us or call: +971-52-6406240

— Naresh Manchanda is partner and Madan Mohan is director — technology advisory, MBG Corporate Services