How businesses can protect themselves in the ‘new normal’ of cybercrime

In the “new normal”, as internet scams and cybercrime seem increasingly to dominate headlines, businesses and individuals are being forced to adapt quickly to combat wily cybercriminals.

One of the most high-profile hits this year was an attack that took a major US fuel pipeline offline in a ransomware cyber-attack, sparking crisis disrupting the flow of 2.5 million barrels of fuel a day, making up 45 per cent of the East Coast’s supply of diesel, petrol and jet fuel.

Though an extreme case, the event thrusts into collective consideration the massive potential implications of cyberattacks, as well as the vulnerability of even enormous operators to attack.

Locally, a search of the keyword ‘scam’ through BusinessNow.mt’s search function underscores the prevalence of online scam and fraud cases, large and small. Just this week, HSBC Malta’s Head of Financial Crime Compliance, Mark Drago said 2021 could be described as the year of fraud.

To help concerned businesses fall victim to similar crimes, particularly in light of an increase in cyber attacks targeting financial institutions in recent months, FinanceMalta, a public-private initiative working to support and promote Malta’s status as an international financial centre, invited two leading cybersecurity experts to address its annual conference.

The keynote speaker, Sheila Pancholi, partner and leader of national technology risk assurance at RSM Risk Assurance Services broke down some of the things businesses should do to avoid falling victim to scams.

At the front end, she begins, businesses need to work on preventing attacks. This is about the controls companies have in place to stop a cyber attack, or at least make its success as difficult as it could possibly be.

One way to do this is through layering cybersecurity, which makes it much more difficult for cybercriminals to successfully attack businesses’ digital environments.

This layering takes several forms, she expands, “from perimeter security, right through to replication level security”.

Then, in the middle, it’s important to have detection processes, meaning regular monitoring controls to keep track of any attempted attacks which might have been made on companies’ digital environment.

People should also keep track of any vulnerabilities in systems, and Ms Pancholi warns that new ones can be found and reported on a daily basis.

As such, businesses need to keep track of any loopholes and have the resources to plug them.

On a “simpler” level, there are also a number of good habits companies need to be aware of.

They should have strong firewall systems in place and make sure they are operating with up-to-date and rigorous rules.

Additionally, companies should make sure their anti-virus systems are “robust” and that they have anti-malware software running across the company.

A final consideration is containment, which Ms Pancholi emphasises the importance of.

“All organisations are unfortunately at some point going to face some sort of attack”, she says, and some will likely face multiple.

This is because cybercriminals, after being successful in one attack against an environment will often try to capitalise on what they know about the organisation and its systems to launch subsequent attacks.

“Once an attacker is successful, they’re going to keep coming back”, the expert warns.

As such its is vital that companies are able to react “very quickly” to attacks, tracking a “root cause” as soon as possible and then closing any loopholes to contain the incident.

The faster companies act, the more they can mitigate damage to their organisation’s finances, operations, and reputation.

Also providing advice to the event’s attendees, Leon Allen, innovation director at Continent 8 Technologies encouraged concerned businesses to seek specialist advice if they feel unable to properly implement stringent cybersecurity measures.