It is becoming more and more important for our presence online to be kept secure in the face of increasing threats to the online security of individuals, businesses and even governments.
Cybersecurity has come to the front burner of significant discussions in technology circles with the rising tide of cybersecurity attacks and a range of criminal activity being perpetrated online.
The World Economic Forum’s Global Risks 2015 Report posits that cyberattacks and threats are among the most likely high-impact risks to be faced by organizations and governments.
The report also disclosed that cybercrime costs the United States an estimated US$100 billion a year.
For Nigeria, a report by the Nigeria Interbank Settlement System (NIBSS) Plc, published in the Nigeria Electronic Fraud Forum (NeFF) report for 2016, disclosed that the industry recorded an 82% increase in fraud cases in the country, resulting in an estimated loss of N2.16 billion.
These figures call for concerted and deliberate measures to ensure greater awareness and reduced cybersecurity incidents, mainly within enterprises, organizations, and governments.
Cybersecurity experts at the Australian Computer Society have put forward five key aspects that enterprises and organizations need to consider to adequately manage cybersecurity risks, as follows:
- Awareness and Education: At the forefront of cybersecurity awareness in any establishment is education and enlightenment. Cybersecurity experts posit that the conversation about cybersecurity must remain top of mind and become part of the decision-making process, and that staff must be educated so that everyone maintains best practice in cybersecurity processes.
- Preparation and Planning: Since the possibility of cyberattacks and cybersecurity threats always exists, it makes perfect sense to plan and be adequately prepared for any threats or attacks. These will include carrying out regular cybersecurity audits and implementing and enforcing best-practice policies. With a clearer understanding of the possible risks and dangers to assets and data relevant to the organization, it becomes easier to monitor and detect threats and also protect critical data and infrastructure.
- Detection and Recovery: In the event of an attack, the faster the breach is detected and responded to, the greater the chance of minimizing the extent of damage or loss. Organizations would need to develop an Incident Response Plan to handle attacks should they happen. Data logs should be analyzed and preserved to help identify the cause of the breach and thus aid the recovery process.
- Collaboration and Sharing: Collaboration is critical to mitigating current and future cybersecurity risks. Results of breach analysis from organizations should be shared with industry and relevant government agencies to help stop a known vector from attacking organizations. Organizations should create, join or provide information to an Information Sharing and Analysis Centre (ISAC) for easier collaboration and faster mitigation.
- Ethics and Certification: There is a fine line between ethical hacking and unethical hacking. Enterprises and organizations must uphold and maintain a specific set of standards and a code of ethics for professionals in the industry to abide by, as a matter of principle and necessity.
The reality is that enterprises, organizations, and governments need to take proactive measures to avert cyber attacks and strengthen their cyber infrastructure.