“Cybercrime is one of the greatest threats (outside of climate change which threatens our very existence) we face moving ever into this deeper ever deeper changing IT world” says Peter Wallace, Founder/Chair of the Wallace Business Forum.
Cyber risk is top priority of businesses with the rapid technology development, customers shift to online transactions and companies adapt to changing customer behavior. Let’s face it, more people out of jobs have more free time.
It is no longer IF but WHEN, an organization will be breached. How can companies protect their data and information under a hybrid work setup, and address situations once data security has been breached?
To address these issues, the Wallace Business Forum hosted the “Cybercrime Everywhere (Paralyzing Businesses).” Webinar.Keynote speaker was Dr. Stephen Cutler, former FBI/Legal Attache of the US Embassy who provided an overview of the cybercrime landscape and its impact on businesses.
He advised businesses to plan ahead similar to having sprinklers and fire extinguishers, putting on seatbelts in vehicles, and getting insurance etc. He said the most common forms of attack are (1) business email compromise campaigns which deceive companies into transferring money into a malicious person, and (2) phishing wherein people take the bait setup by cybercriminals, allowing them to steal user information. Cybercriminals are exploiting the widespread use of global communications on information related to COVID to deceive unsuspected victims. Another form of attack is e-commerce data interception which can pose a threat to online shoppers and undermine trust in online payment systems.
He said cybercriminals have also come up with new schemes during the pandemic such as impersonating government and health authorities to lure victims into providing their personal information and download malicious content. Government officials should use official addresses (@gov.ph) for official businesses rather than personal accounts.
Data privacy expert and former Deputy National Privacy Commissioner Dondi Mapa provided useful tips in protecting data. Employees should be responsible in protecting data and not rely on their IT teams to troubleshoot everything. Cybercriminals employ several strategies to infiltrate and steal data which include the use of: (1) master keys (zero-day vulnerabilities); (2) cloned keys (owned accounts); (3) backdoors (intentional vulnerabilities; employee who wants to get back to their employers); (4) trojan horse (malware); (5) broken windows (previously attacked; cyber soldiers testing their techniques and leaving broken windows to the system); and (6) unlocked doors (user error).
To protect data at home, practical tips he suggested are : (1) Isolate (use separate devices and networks for personal and work); (2) Wear a mask (use mobile device manager and VPN); (3) Clean hands (keep operating system and anti-virus updated); (4) Social Distancing (Beware of stuff sent over plug-in cables, WiFi, bluetooth, and air drop); and (5) Protect those around you (make sure those around you follow the rules too).
Jallain Manrique, KPMG Cybersecurity head discussed how to strengthen the network. He emphasized that cyber risk is not a technology problem. Rather, a business problem – a shared responsibility across all parts of business. Technology is just a component of cybersecurity framework which include strategy and leadership, business continuity, risk assessment, legal and compliance, audit etc. Organizations are only as strong as their weakest link. Everyone in the organization should recognize the importance of cybersecurity and know their role.
Organizations need to strengthen their three lines of defense :
- IT team and management to ensure that security policies are implemented.
- The risk management which provides checks and set the standards and
- The assurance side or the audit.
Cisco ASEAN Director on Cybersecurity Koo Juan Huat provided his insights and responses to cyberattacks. He explained that hackers today don’t just go after applications that are heavily secured. Rather, they attack weak links and weak devices then move to applications and data which can damage the company.
Security is a team sport and the staff play a crucial role. For example, the cyber breaches in the past 12-18 months started off with a simple phishing or identity theft. Companies can install the latest security technology. But not enough as employees need to do their part also.
He emphasized there is no silver bullet in security and mentioned that it takes about 100 days for a typical organization to detect a breach in their system. 100 days means tons of assets and data could have been stolen already. Companies need to be a lot faster and surgical in responding to threats.
Mr. Huat recommended the ff:
(1) Establish comprehensive visibility inside the environment (If you can’t see, you can’t protect).
(2) Collaborate and communicate amongst internally within the organization and with peers in the industry. Hackers
communicate all the time and share information on vulnerabilities.
(3) Be prepared to deal with breaches through training and conducting simulations to mimic a breach coming into the company’s environment.
Cybercrime is real and an ongoing threat, evolving and increasing in sophistication. Technology alone to prevent these threats not enough. We also need community effort by everyone complemented by awareness and education.
Be vigilant. “Think before you click”and pray too!
*****
Ms. Tarriela was the first Chairwoman of the Philippine National Bank. She was the first and only independent director/ chairwoman in the commercial banking industry. She is a former Undersecretary of Finance and the first Filipina vice-president of Citibank N.A. She is a trustee of FINEX and an Institute of Corporate Directors fellow.
A gardener and an environmentalist, she established Flor’s Garden in Antipolo, an ATI Accredited National Extension Service Provider and a DOT Accredited Agri Tourism Site.
(The views expressed herein do not necessarily reflect the opinion of these institutions.)