Digital security should be core of management strategy
Digital Security challenges at a glance:
Advanced threats continuously targeting businesses
Maintaining sophisticated security solutions is tough
Monitoring those solutions around the clock is even tougher
Threat intelligence that is evolving fast
Making sense of security data can be a headache
There are so many defense solutions to choose from
With the fast changing business world, digital security should not only be a technical issue but a concern for top management. See Also:KCB boss Joshua Oigara crowned top CEO in Africa
Customers are demanding it as worries about privacy, the protection of personally identifiable information, and identity theft grow.
Business partners, suppliers, and vendors are requiring it from one another, particularly when providing mutual network and information access.
There is general agreement that technology is the way forward for the financial sector but it brings heightened risks of cyber-attacks of a magnitude never anticipated in the past.Read Also:Cheap Toilets Accelerating Progress Towards Sanitation for All Goal
Security breaches and data disclosure increasingly arise from criminal behavior motivated by financial gain as networked efforts to steal competitive intelligence and engage in extortion are becoming more prevalent.
Development of standards that will guide the global financial sector in the area of operational risk in the years to come will therefore be necessary.
Therefore, days of digital security being just a technical issue are long gone. It is becoming a central concern for leaders at the highest level of many corporates as integrity of data becomes central.
Concern for digital security has gained importance due to rising cases of online fraud.
A recent research titled ‘Connected but not Protected’ from Kaspersky Lab show that employees are weak links through which penetration happens
The research reveals that besides being aware of the threats online, people are failing to install security solutions on their devices, and they are behaving carelessly. This makes them easy targets for cyber criminals, and as a result, 29% have been affected by online threats. Related story:How technology is disrupting manufacturing sector, World Bank
The research shows that variety and sophistication of online financial threats against consumers are growing with losses from online fraud, identity theft and hacking now running at billions a year. And with many cases going unreported, the true economic cost is likely to be significantly higher.
This is why digital security for organizations should never be left to the technical departments only but managers must understand and be part of the digital solutions and strategies.
Banks being at the core of global trading systems cannot afford to be careless at how they deploy and manage technologies.
“The importance of gaining insight into how your employees, business partners or customers interact with your technology cannot be underestimated, agrees YouTap Marketing Manager-Africa, Mwema Kerich.
According to Mr. Mwema, many technologies in the financial sector are made with security in mind and during deployment of any technology; users should be conversant with loopholes and how to protect their money from fraudsters.
Today, the worry is not only on the traditional threats that include, viruses, malicious codes, but also the emerging ransomware, espionage, skills shortage and poor cyber expertise.
We also have the cloned websites which is a duplicate of websites created to obtain customer log in details.The Distributed Denial of Service (DDoS) attacks and ransom demands have been on the increase meaning organization must put measures in place to be safe.
Experts aver that cyber-enabled fraud can be a repeat occurrence in an institution unless the detection system is updated. Also Read:How to download on Showmax and watch offline
According to Job Oloo McAgeng’o , Regional Director EA, Professional Technologies Ltd (PROTEC)– A Cognosec Company, In today’s environment, companies either know they have been hacked or they don’t know that it happened hence there should be collaborative trusted units who share information on breaches and support each other.
“Tighter corporate governance and auditing regulations are forcing firms to store huge volumes of data, which in turn increases their data security challenges. Companies realize they have neither the time nor the expertise to deal with security, and therefore it is easier to go to a specialist third-party,” adds McAgeng’o.
What should be done
The governance structure should provide independent assurance on the effectiveness of the cyber risk management and senior management of an institution must be responsible for overseeing and implementing cyber risk strategies.
“The risk management framework should be comprehensive and facilitate effective assessment, prevention and monitoring of the cyber related risks,” adds Robert Brown, CEO Cognosec AB Company.
Mr. McAgeng’o says there should be regular asssessment and tests of system to assure overall effectiveness of the activities performed by the institutions in managing and mitigating cybersecurity risks and threats.
He says that corporates should not entirely leave the task of their digital security to third parties or service providers.
“After choosing a service provider, there are still some further important responsibilities. Don’t forget to read the reports provided on vulnerabilities found and threat status, and evaluate the recommendations made. Take action to close the vulnerabilities – whether that is to change a firewall rule, apply a patch or change a standard,” he advises.
As the business and IT systems change, argues evaluate whether the service provided is still meeting security requirements, and keep up to date with the changing threat landscape and take appropriate steps to deal with emerging threats. That may require renegotiating service levels or scope of services.
“Institutions are required to educate and empower their staff and customers to better protect themselves in cyberspace,” he adds.
With cyber risks are still evolving, greater collaboration is needed in training, reporting of threats and implementation of security solutions across businesses.
Current and former employees and contractors who have or had authorized access to their organization’s system and networks are familiar with internal policies, procedures, and technology and can exploit that knowledge to facilitate attacks and even collude with external attackers.
Malicious insider acts that need to be mitigated include sabotage, fraud, theft of confidential or proprietary information, and potential threats to an organisation’s critical infrastructure.
Be on their guard at all times
Even more worrying is the fact that more users are now doing business online and fraudsters are looking for opportunities to cash in, making it important for users to have robust Internet security in place to protect themselves and their money.
Moving forward, we need to see boards of directors increasingly making information security an intrinsic part of governance, integrated with processes they already have in place to govern other critical organizational resources. See Also:Tweeting tips to get more followers
Ultimately, directors and senior executives have to set the direction for how enterprise security (including software security) is perceived, prioritized, managed, and implemented since cybercriminals are continually looking for new ways to exploit and defraud consumers.
By James Ratemo, email@example.com Twitter: @KenyaCurrent