This post is brought to you by Celcom.
In this increasingly digital world we live in, your business’ cybersecurity shouldn’t be taken lightly. A threat analysis by Cisco found that 61% of businesses experienced an increase in cyberthreats or alerts by more than 25% since the start of the pandemic. Cisco found the most common cybercrimes were phishing, unsolicited cryptomining, ransomware, and information-stealing malware.
Now, according to Sophos’s The State of Ransomware 2021 report, the number of ransomware attacks has decreased by a significant amount with only 37% of businesses saying they have been attacked by ransomware in 2020 compared to 51% just a year ago. However, this doesn’t necessarily mean that cybercriminals are giving up, but merely prioritising “quality” over “quantity”.
Just last year, we saw high-profile companies falling victim to ransomware attacks like the American oil pipeline system, Colonial Pipeline and Kia Motors America. In March 2021, the seventh-largest commercial insurance company in the US reportedly paid USD40 million (RM176.8million) to obtain the decryption key from its attacker. By comparison, the highest demand made in 2020 and 2019 were USD30 million (RM132.6 million) and USD15 million (RM66.3 million) respectively.
One example of how a cybercriminal can gain access to your system is by leveraging weaknesses in software and services used in your business. Apache’s Log4j is a ubiquitous logging system used by developers to record errors and route system operations which are then relayed to the system administrator and users. This system can be found in open-source software, cloud platforms, web applications and email services.
In December of 2021, cybercriminals found a vulnerability in the Log4j system known as Log4Shell. It allows nefarious individuals to create custom code for formatting a log message which instructs Log4j to record other information like username and password. As a result, your company’s sensitive information and IT systems are at the mercy of cybercriminals.
The Federal Bureau of Investigation (FBI) advises against paying ransoms as it will just encourage the attacker to do it again or invite other ransomware attackers. Besides, there is no guarantee that you will even get any of your data back.
However, the cost to your business to recover from the attack might be more than the ransom amount. According to IBM’s Cost of a Data Breach Report 2021, the average cost of a data breach reached over USD4.2 million (RM18.5 million), a 17-year high. Cybersecurity Ventures estimates that by 2025, the global cost of cybercrime to businesses would reach USD10.5 trillion (RM46.4 trillion).
But monetary damage is not your only concern. Yeo Siang Tiong, General Manager for Southeast Asia at Kaspersky told Business Today, “However, once an attack was exposed to the press, the aftermath significantly increases. Reputational impact comes into play, and this proves to be more damaging than the upfront monetary aftermath.”
Reputation takes decades to build but can come crumbling down after just one successful cyberattack. Industries that offer financial or legal services that rely upon trust and positive customer perception are the ones that will be severely affected. You wouldn’t trust a law firm that’s not capable of keeping your sensitive data secure now would you? For these businesses, the challenge to gain customer trust could be so tough that a complete rebrand may be required.
So, despite the heavy toll that a cyberattack can take on a business, why are there still many companies not taking this threat seriously?
Well, in his article published in Harvard Business Review, Alex Blau says that heads of organisations tend to treat cybersecurity as a finite problem that can be solved, rather than as the ongoing process that it is.
So how can you safeguard your business from cyberattacks?
Modern cyberattacks are becoming increasingly complex with multiple stages including encrypting your company’s data, locking personnel out of the company network, and stealing sensitive data to sell on the dark web. Moreover, you might not even be aware that your data and digital assets have already been stolen.
Therefore, your business can benefit from a cyber security service provider to further strengthen the protection of your enterprise’s IT systems.
Celcom is partnering with Telefónica Tech, a member of the Cyber Threat Alliance (CTA) and the Anti-Phishing Working Group (APWG) to provide your business with a range of cybersecurity services. These services fall under two categories – Digital Risk Protection (DRP) and Vulnerability Risk Management (VRM).
Digital Risk Protection (DRP)
Celcom’s Digital Risk Management provides you with a strategic advantage and situational awareness to better identify and anticipate threats that pose a danger to your IT systems. This is achieved by a proactive team using specialised feeds to monitor the open web, deep web, and dark web to search for references and mentions to assets of your business. The team then analyses the situation to provide you with actionable alerts in real-time in addition to browser and network blocking services 24 hours a day, seven days a week.
If necessary, the threat will be resolved by utilising content removal and takedown, with added tech and admin support. Moreover, your IT team are able to take advantage of Celcom’s specialised tools via its web portal to keep an eye on potential threats.
Vulnerability Risk Management (VRM)
Vulnerability Risk Management (VRM) identifies and remediates threats in your IT system through a combination of automated scanning, 24 hours a day, seven days a week with persistent pentesting and manual pentesting by Celcom’s expert team. Pentesting is a simulated cyberattack against your IT system to check for exploitable vulnerabilities.
The results are then analysed by a Local Analyst to determine the severity of the threat and remediation required. You will also receive round-the-clock notifications and reporting via Celcom’s Customer Portal. If required, the appropriate measures will be taken to resolve the detected vulnerability.
Celcom ensures that through this process, your enterprise’s real level of risk can be identified, and the correct resources can be allocated to keep you ahead of the continuous evolution of cyberattacks.
Safeguard your business with a tailored-made solution and a dedicated team of cyber security experts with Celcom’s Cyber Threat solutions today.