Risk

Professional Perspectives: Cyber Security with SRG Security Resource Group Inc.

Cyber Security is Every Company’s Concern

The ever-growing risk of cyber attacks is an issue that every business, large and small, must devote more attention to. As technology and software advances and becomes more complex, so to do the potentials of cyber attack. Specifically, Malware (short for malicious software) has become the topic of conversation across the cyber security service industry.

Malware is any software used to disrupt computer or mobile operations, gather sensitive information, gain access to private computer systems, or display unwanted advertising. These types of attacks are typically very stealthy and difficult to recognize and track. Even once the attacks or hacking has been discovered, it is very difficult to determine the extent of what was affected and what was taken. It is similar to the iceberg analogy, where a portion is visible, yet the bulk remains hidden.

An important malware for businesses to be aware of is being referred to as Ransomware (Cryptolocker). As the name suggests, this is a type of attack that locks down a company’s data and then demands payment for its release. Attacks like these are often initiated on unsuspecting employees who fall victim to malicious websites or email phishing, and end up opening an attachment that activates and allows malware into their system.

It is important to understand that attacks are not only directed at personal computers. Mobile device attacks grew by an average of 17% per quarter in 2016 and this trend is steadily continuing in 2017. This demonstrates the continued sophistication of these attacks and how they are infiltrating any, and all, technology that may be holding sensitive and valuable information. Ten plus years ago these actors were focusing on stolen credit cards; now they are kidnapping highly sensitive data and ransoming it back to the owners for multi-million dollar bitcoin transfers to offshore accounts that can never be traced by the authorities.

As disturbing as these scenarios can be, companies are not helpless against cyber security concerns. Here are three areas for consideration:

  • Technology – What are you using to conduct company business? (computers, tablets, cellular phones, office printers, etc.)
  • Business assets – What corporate information should you be protecting? (customer systems, financial systems, buildings, inventory, etc.)
  • People – How are your employees using corporate assets to conduct company business?

These three factors need to apply, not only to an owner’s consideration of their computer system security, but also security at their physical buildings. For example, hackers have infiltrated systems by leaving thumb drives outside buildings that have the company logo on them. An unsuspecting employee sees the logo and picks it up, assumes its harmless, opens it on their system, and the hack is successful. It can be that easy.

The new thinking on the subject is that companies need to have the mentality not of “if we ever get hacked”, but rather “when we get hacked”. If a company maintains sensitive and valuable information, then it is in their self-interest to develop a formal approach to counter cyber security risks.

The simplest steps to this process are: a) educating your employees on cyber risk awareness, b) implementing technology that adequately counters cyber attacks, and c) establishing a governance approach to effectively monitor and assess your cyber security strategy.

Today’s digital world holds a new array of threats to companies’ security. It is time to educate yourself on them.

Brian Zerr
Director, Cyber Security Services
SRG Security Resource Group Inc.
300 – 1914 Hamilton St.
Regina
Office: 306.522.1670
Cell: 306.537.6542
Fax: 306.352.4110
Email: bzerr@securityresourcegroup.com
securityresourcegroup.com