Digital transformation has been a top business priority, since the pandemic struck in 2020, but companies are discovering that the rush has made them vulnerable to increasingly pernicious cyber attacks.
From 2017 to July 2021, Malaysia suffered RM2.23 billion in losses from cybercrimes. Just this year, we’ve seen both the Ministry of International Trade and Industry (MITI) and National Registration Department’s (NRD) face data breaches. As new threats emerge, it is crucial for businesses to understand where they might be vulnerable to cyberattacks and what can be done to mitigate these risks.
Can you trust your team?
Whether accidental or intentional, companies need to recognise that their employees pose a risk to their security. In its Global Risk Report, the World Economic Forum revealed that up to 95% of cybersecurity breaches or attacks to organisations can be traced back to some form of human error. There’s many ways this plays out. Sometimes, it involves deliberate, malicious intent, but more often than not, it is because of a series of inadvertent mistakes or poor online habits.
Data-jeopardising accidents are just that: accidents that seem to have no repercussions as we go about our usual working day. It can range from sending the wrong file to the wrong person to using less trusted software, services and websites to get work done. Fortunately, many of these errors can be mitigated by educating employees, and by providing network securing services such as a VPN or trusted cloud solutions.
Safeguarding Cloud and Digital transmissions
Each technological advancement requires businesses to address their security head on, regularly. There is always risk in transmitting data digitally. These include data leakages which can occur from consistent use of digital data sharing and transmitting services, and Man In The Middle (MITM) attacks, which trick you into believing you sent your data to the right destination.
Vigilance and research are key in getting the upper hand on these threats. MITM attackers usually rely on user complacency, like inserting false links that mimic familiar sites such as cloud services or the third party that you wish to send your data to. Businesses should take steps to ensure their data is being sent to the correct destination – sometimes just checking HTML links to verify they belong to a legitimate cloud service beforehand can successfully thwart a sly attack to steal your data.
Researching and being selective of your cloud provider also go a long way in preserving your data from leaks, by entrusting your organisations’ data to only reputable providers and ensuring employees use robust third-party solutions.
Phish and Pharm
Phishing scams have persisted since the dawn of the internet and still remain a common malicious tactic today, plaguing all internet users. Over time they have evolved to become more sophisticated, hiding behind a veil of legitimacy. Phishing emails bearing malware-ridden links or files tend to impersonate large, trusted organisations or institutions such as banks or government bodies that can easily deceive an unsuspecting user.
Meanwhile, pharming often targets employees of an organisation. This method attacks organisations’ servers, faking legitimate web pages that can leech off employee data and credentials, subsequently compromising an organisation’s database. Again, vigilance is key – email addresses with too many additional and unusual characters are often a tell for fake emails. Similarly, cross-checking the HTML can ensure you are logging into an official site instead of a pharming site, and goes a long way in preventing data breaches.
However, cyber threats are continuously evolving, and to truly protect your data and ensure business continuity, companies should look to adopt a multi-layered approach to their security strategy. The importance of employee education cannot be understated either and should be every business’s first line of defence.
There is no one-size-fits-all to data security. Ultimately, organisations should consider not only solutions that will protect and secure their business, but also services that are prepared to remedy, restore and recover data in the event of a breach.
By Sandy Woo, Country Director, Veritas Technologies Malaysia
