Technology plays a key role in a company’s growth and efficiency; in fact it is essential to maintain one’s competitive edge. Yet, rapid technological change is constantly creating new threats. Companies therefore need to adapt and adjust their security measures in order to keep pace with the changes.
Guarding against cyber attack is a major challenge
No company is immune to cyber attacks. According to the International Business Report (IBR) published by Grant Thornton International in the fall of 2016, one out of five companies around the world (21%) were victims of a cyber attack in the 12 preceding months, as compared to 15% in 2015. A total of 2,500 business leaders based in 36 countries were surveyed for the study.
The explosion of data generated by digital technology, now exacerbated by Internet of Things (IoT) devices, combined with the high level of connectivity among organizations, creates many opportunities for cyber criminals to do some damage. In the manufacturing sector, for example, all data production, acquisition and management systems are inter-connected and companies work with a network of suppliers and distributors. These are all areas of vulnerability for a company.
Cyber crime is very costly for the global economy. According to the IBR, cyber attacks cost a total of US$280 billion each year. The attacks are carried out by criminals who often are well organized, some even acting as mercenary hackers on behalf of governments and organized crime groups. These hackers use increasingly sophisticated methods to penetrate an organization’s defences.
Canada is not immune to cyber attack!
Unfortunately, Canada is not immune to the problem. Almost 19% of companies surveyed for the IBR study reported that they had been the victim of an attack in the previous year. The aim of these attacks was primarily to damage infrastructure (IT systems, databases, etc.) or to steal money by making fraudulent requests or threatening to hack the company’s computer systems (e.g., Ransomware attacks).
Financial losses are not the greatest fear. In fact, 31.6% of organizations surveyed consider that the main consequence of a cyber attack would be the amount of time spent dealing with the aftermath. Other consequences include damage to the company’s reputation (29.2%), the loss of clients (10.2%) and lost revenues (9.8%).
Exemplary cyber security practices are therefore essential to reassure and attract customers, who want a secure environment for their electronic transactions. They also demand that personal information be adequately safeguarded. Companies must pay especially close attention to this matter and ensure that they are well versed in, and adhere to, federal and provincial legislation.
Safeguarding measures that are part of the corporate strategy
Cyber security is more than a set of binding measures to protect a company’s data and systems. Such measures must be a part of the company’s strategic approach in order to ensure that its operations are more efficient and secure. To be truly effective, cyber security must become part of a company’s ethos and fully adopted and implemented by all company employees at all levels and strictly monitored for adherence by connected partners.
Prevention and preparedness remains the best way to deal with cyber attacks, knowing full well that no defensive measures are perfect.
The first step consists in calling upon experts to assess the risk factors—both within the company and in its broader network—in addition to its cyber security weaknesses. This information can then be used as the basis for developing and implementing a policy, as well as security procedures and mechanisms (such as penetration tests), to reduce these risks as much as possible and react quickly in the event of an attack.
Since every organization is different, tailored solutions must be developed according to the company’s area of activity, structure, dependence on technology, supply chain, network and sales methods, etc.
Finally, it is important to remember that cyber security is everyone’s business and must be part of the corporate culture. As soon as new employees are hired, they must learn about the policies and procedures that must be followed and then be reminded of these policies and procedures in different ways on a recurring basis. For example, it could be ensured that each person is acting responsibly by discussing cyber security during annual performance appraisals.
This article was written following a study conducted by Grant Thornton International. To access the original content, consult the study.