How Organisations Should Guard Against Potential Cyber Security Threats

Organisations need to have robust security measures in place as individual employees can also expose them to risk

Data protection is a rising concern worldwide, for individuals who are more vulnerable to online attacks given the lack of awareness and infrastructure as well as organisations whose systems are used by individual employees. According to a report by cyber security software company Norton LifeLock released earlier this year, a whopping 59 per cent of Indian adults had their data exposed to cyber criminals in 2020. Also, a report by IBM showed that Indian organisations suffered a loss of over Rs 16.5 crore during the pandemic (May 2020 to March 2021) due to data breach. Breach of personal data can be alarming, especially if it’s sensitive information, including your email address, photos, IP address and biometric data. “Cyber crime is a threat to day-to-day operations and a data breach or cyber attack might cause business and reputational damage as well as regulatory and compliance issues. Owing to the nature of risk, cyber risk management is an area of utmost priority for businesses today,” says Wilfred Sigler, senior director, market development and digital solutions, CRIF India

So, how do individuals end up compromising data for organisations? Zaki Qureshey, director general, Hyderabad Security Cluster, says, “Mobile devices, both corporate-owned and bring your own device (BYOD) [personal], are now the dominant productivity platform in any enterprise organization: 60 per cent of enterprise endpoints are mobile, according to Microsoft.” However, mobile devices are under-protected and disproportionately targeted, he adds. “These devices operate extensively outside of corporate firewalls, in the hands of users who may not prioritise precautions like vetting Wi-Fi networks or keeping their devices patched and updated. Mobiles often represent a wandering corporate data repository. That’s why Zimperium (one of the leading mobile security solutions, which offers only real-time, on-device, machine learning-based protection against Android, iOS, and Chromebook threats) detects an average of 600 million threat events involving enterprise mobile devices daily.” 

Implication of A Data Breach For Organisations 

• It can have damaging effects on business operations that cause a financial loss of around $5,600 per minute towards network downtime, according to industry surveys cited by a Gartner blog. This calls for an elaborate investigation that looks at aspects like how the breach happened and which systems were intruded, followed by a complete shutdown of the operations. 

• Individuals can pursue legal action against an organisation and seek compensation, in case their data is compromised. Under the data protection Act, organisations are legally obliged to undertake certain measures for data protection.

What Can Organisations Do? 

Some of the data protection technologies that organisations can consider are: 

1. Implementing the use of a set of tools and ideas that can protect sensitive data. 

2. Building and implementing a firewall to prevent any unauthorised access to data. 

3. Establishing solid authentication and approval measures that facilitate verification of user credentials, while ensuring that the user privileges are implemented in the correct manner using the IAM (Identity and Access Management) and RBAC (Role Based Access Controls) solutions. 

4. Enforcement of encryption that keeps your data protected from any unauthorised access, for example, by making the data indecipherable, even if it gets leaked. 

5. Use of Endpoint protection tools that helps organizations to keep a check on their network boundaries and refine the traffic as and when required. 

6. Automation of removal of redundant data, which is already processed or evaluated, and is no more required. 

7. “Reporting unfamiliar email sources by employees, creating a responsible Phishing plan, hiring cyber experts with regulations around data privacy, protection, and penalty, running an internal compliance course, or conducting regular cyber risk reports, are some of the ways an organisation can keep itself protected from cyber attacks,” says Sigler. 

According to Qureshey, modern enterprises should especially take note of mobile security solutions. “There is a need for an advanced technology solution that leverages machine learning to protect against a device, network, application and phishing attacks,” he says, adding that the solution should fit into the existing security ecosystem. 

Whether it’s the increased online activities by individuals or increased dependency on mobile devices for productivity by an organisation, cyber security measures can’t be ignored.

Source: Publication: OutlookIndia ,7^th Dec,2021