The year was 2005 and I had just joined an IT multinational company. Interesting enough, I was not aware of their solutions, but I was sure to learn about them when I attended one of the best one-day programs. It is called Airport Simulation, which is not intended to train us on how to run an airport operation, but to show us the importance of ITIL, unified communication, prioritization, well-defined processes and the importance of aligning IT to support business operations. I enjoyed it so much that I got a certification on ITIL – Foundation Certificate in IT Service Management v2. IT problems and solutions were clear in my mind after that. It was all about processes. The question that remained was: “How mature were these processes?”.
It turns out that Information Technology is still new when compared to other fields of knowledge. Information Technology has emerged in the 1980s with the fourth generation of digital computing (1979 - Present) while the history of Engineering, Medicine and Law date way behind. The first engineer known by name and achievement is Imhotep, builder of the Step Pyramid at Ṣaqqārah, Egypt, probably in about 2550 bc. Medical information in the Edwin Smith Papyrus may date to a time as early as 3000 BC. Legal history or the history of law is closely connected to the development of civilisations and is set in the wider context of social history.
As a business developer and marketer, I am passionate about understanding organizations and their solutions in order to bring better results. Considering I am not an IT technical person, I was mesmerized to hear a vast number of stories from the techies about when and how data was lost, how processes could be messy and how the lack of training could jeopardise the operations.
The absence of mature processes, people development and adequate technology can also impact security. Processes should be implemented efficiently. Employees should be aware of their role in preventing and reducing cyber threats. Technology can be deployed to prevent or reduce the impact of cyber risks by creating layers of protection. Unfortunately, prevention of cyber attacks is still underrated.
Sony Pictures Entertainment in late November of 2014 suffered a significant cyber-attack that led to intellectual property and personal employee details being leaked online. The attack ultimately led to Sony Pictures pulling the release of its upcoming film "The Interview," following threats from hackers against movie theatres planning on showing it. Bank Info Security
In June 2017, Maersk fell victim to a major cyber-attack caused by the NotPetya malware, which also affected many organisations globally. As a result, Maersk’s operations in transport and logistics businesses were disrupted, leading to unwarranted impact. In particular, Maersk’s container ships stood still at sea and its 76 port terminals around the world ground to a halt. The recovery was fast, but within a brief period the organisation suffered financial losses up to USD300m covering, among other things, loss of revenue, IT restoration costs and extraordinary costs related to operations. Safety4Sea
“The WannaCry cyber attack had potentially serious implications for the NHS and its ability to provide care to patients. It was a relatively unsophisticated attack and could have been prevented by the NHS following basic IT security best practice. There are more sophisticated cyber threats out there than WannaCry so the Department and the NHS need to get their act together to ensure the NHS is better protected against future attacks.” Amyas Morse, head of the National Audit Office.
If even large organizations have problems, how can we protect ourselves from cyber attacks? Things can get worse if you think about cyber security of individuals and small and medium companies. There are many ways of preventing cyber attacks and minimizing risks. I will share a cyber security checklist from the NCSC - The National Cyber Security Centre in the United Kingdom. NAO Org UK
The National Cyber Security Centre helps people live and work online in a safe way. You can find below a summary of cyber security and checklists for individuals and small and medium companies. NCSC
What is cyber security core function?
Cyber security's core function is to protect the devices we all use such as smartphones, laptops, tablets and computers, and the services we access online - both at home and work - from theft or damage. It's also about preventing unauthorised access to the vast amounts of personal information we store on these devices, and online.
3 Top tips for Individuals and family online security
Protect your email by using a strong and separate password. Cyber criminals can use your email to access many of your personal accounts, leaving you vulnerable to identity theft.
Install the latest software and app updates. Software and app updates contain vital security updates to help protect your devices from cyber criminals.
Always back up your most important data. Safeguard your most important data, such as your photos and key documents, by backing them up to an external hard drive or a cloud-based storage system.
Cyber security for Small & medium sized organisations
Cyber security doesn’t need to be a challenge for small business owners. Following the five quick and easy steps outlined in the guide below could save time, money and even your business’ reputation. This guide can’t guarantee protection from all types of cyber attacks, but the steps outlined below can significantly reduce the chances of your business becoming a victim of cyber crime.
Step 1 - Backing up your data
5 things to consider when backing up your data.
Identify what data you need to back up
Keep your backup separate from your computer
Consider the cloud
Make sure the cloud you choose is secure
Make backing up part of your everyday business
Step 2 - Protecting your organisation from malware
5 free and easy-to-implement tips that can help prevent malware damaging your organisation.
Install and turn on antivirus software
Prevent staff from downloading dodgy apps
Keep all your IT equipment up to date by patching
Control how USB drives and memory cards can be used
Switch on your firewall
Step 3 - Keeping your smartphones and tablets safe
5 quick tips that can help keep your mobile devices and the information stored on them secure.
Switch on password protection
Make sure lost or stolen devices can be tracked, locked or wiped
Keep your device up to date
Keep your apps up to date
Don't connect to unknown Wi-Fi Hotspots
Step 4 - Using passwords to protect your data
5 things to keep in mind when using passwords.
Make sure you switch on password protection
Use two-factor authentication for 'important' accounts
Avoid using predictable passwords
Help your staff cope with 'password overload'
Change all default passwords
Step 5 - Avoiding phishing attacks
5 Steps to help you identify the most common phishing attacks.
Configure accounts to reduce the impact of successful attacks
Think about how you operate
Check for the obvious signs of phishing
Report all attacks
Check your digital footprint
If you are asking yourself if it pays off to invest in cyber security, there are many Benefits of Cyber Security for your Business:
Protection for your business
Inspires customer confidence
Protection for your customers
Stops your website from going down
How resilient is your organization to Cyber attacks?
You can find out at Exercise in a Box – A free online tool which helps organisations find out how resilient they are to cyber attacks and practise their response in a safe environment. NCSC
Perhaps you work at a large organization and you would like to deep dive into cyber security, so I suggest the following links:
NCSC - Large organisations
Cyber Risk Analytics - 2019 MidYear Quick View Data Breach Report, August, 2019
Risk in Focus 2020 - Hot topics for internal auditors
List of data breaches and cyber attacks in July 2019 – 2.3 billion records leaked
The Biggest Cybersecurity Crises of 2019 So Far