Too few companies are ready to deal with the growing threat of online attacks.
By Jane Hosking
We all know to avoid replying to those emails from strangers offering to transfer millions of dollars into our bank account, and most of us have at least a vague idea of the threat posed by hackers and malware. But when it comes to ensuring cyber security across a company, management teams often seem to underestimate the growing digital threats to their networks.
Faris Aloul, a senior information security consultant with Ernst & Young, said cyber security threats come in many different forms and can range from people who just want to have fun to state-sponsored attacks. For companies and individuals, however, he believes the biggest threat is from financially motivated attacks and hacktivism— an act of activism to spread a message via a cyber attack.
Aloul said the number of cyber attacks taking place across the world is hard to measure because companies that have been targeted are often reluctant to go public out of fear it would damage their business. As a result, the perception of risk is much lower than what it should be.
Another reason companies and individuals fail to prepare themselves for a cyber attack is because they make the mistake of believing they don’t have anything worth stealing. “Nobody is safe. As long as you have a computer, then you’re a target. It doesn’t mater what you do on it,” he said, adding that cyber attacks are on the rise. “There are lots of organizations that have been under attack recently. Even antivirus and security companies are becoming targets of cyber attacks.”
It’s no longer a question of if you will be under attack, or even when you will be under attack, said Aloul. Now he believes the question that should be asked is: Do you know you’ve been under attack? “Hackers nowadays, once they go in, they don’t want you to know that they’re in, they want to stay in there and do their thing and remain in there. So they will take lots of steps to ensure that they remain undercover,” he said, adding that he thinks most companies would have been breached at one point or another, whether they know it or not.
A successful cyber attack has the potential to be devastating for a company, its customers, and its reputation. Not only can it result in the loss of financial or personal information, but it can also have an impact on the core functions of business operations. For example, according to Aloul, a fertilizer company last year had their industrial machines hacked and their formula was changed so that the fertilizers started killing plants instead of helping them grow. This forced the company to recall everything.
To reduce the risk of cyber attacks Aloul advises individuals and companies to turn on the automatic updates for all the programs that they use. He also said that companies must understand that this is not just an issue to be dealt with by the IT team, but should be a concern for the executives in a company as well. They must ensure to activate a comprehensive cyber security plan that anticipates that one day they will be under attack.
As we become more reliant on technology and as the Internet of Things becomes more widespread, Aloul predicts that we are going to be increasingly surrounded by daily devices that are vulnerable to attack. “Cyber security is going to become even more important than ever, regardless of what you do or what industry you’re in,” he said. “Anyone can be attacking from anywhere.”