2020 CYBERSECURITY GUIDELINES FOR C-SUITE EXECUTIVES
THE BRAVE NEW WORLD OF CYBER-ATTACKS
Cyber-attacks arguably pose the single biggest modern threat to businesses. The number of cyber-attacks, their level of sophistication, and the financial and reputational impact they have all continue to increase at an alarming rate. The research firm Cybersecurity Ventures predicts that cybercrime will cost $6 trillion globally by 2021. Inside actors, nation-state groups, and criminal organisations now often work together to deploy an ever-expanding array of socially engineered cyber-attacks. Common tactics include spear-phishing, business email compromise (BEC), ransomware, distributed denial-of-service (DDoS) and Trojan horse malware.
The impact on both the public and private sectors is significant, creating unprecedented financial, operational and reputational risk factors for organisations worldwide. According to the U.S. Securities and Exchange Commission (SEC), the average cost of a cyber data breach is now $7.5 million. And the average cost of cyber liability insurance coverage has increased by 30% or more each year for the past several years. Worse still, with the growing popularity of the Internet of Things (IoT), there has been a 600% increase in the number of cyber-attacks on IoT-connected devices in the past year, especially those focused on medical devices.
The expanding use of the Internet and software applications has dramatically increased the number of vulnerabilities within information systems, networks, software and their respective endpoints, exposing each to the potential for fraudulent actions such as identity theft, identity fraud, business email scams and data breaches. The types of information that hackers consider most valuable include: intellectual property (IP), personally identifiable information (PII), protected health information (PHI) and payment card information (PCI).
From a regulatory standpoint, the continually evolving cybersecurity and data privacy requirements in South Africa and abroad create significant liabilities for companies. The pending implementation of POPIA is of significant concern to organisations that do business in South Africa, and could open a Pandora’s box of potential litigation related to data breaches involving the personal information of residents.
As a result, C-suite executives are struggling to determine the right strategy and investments to secure their vital data assets, ensure business operations meet evolving regulatory compliance requirements, and reduce the impact of data breach litigation. The best practice to address each of these concerns is to implement a threat-based cybersecurity program, which takes steps to safeguard against the most likely threats an organisation will face, juxtaposing internal vulnerabilities against the evolving external threat environment.