ReportWire

Tag: cyber crime

  • The World is Doubling Down on Cybersecurity — Here’s What Business Leaders Should Know | Entrepreneur

    Opinions expressed by Entrepreneur contributors are their own.

    In recent years, the cybersecurity environment has significantly transformed due to the adoption of more stringent regulations. As hackers become more sophisticated and audacious by the day, governments and regulators worldwide are catalyzing proactive measures to safeguard citizens and businesses alike.

    Following the EU’s revolutionary General Data Protection Regulation (GDPR) legislation back in 2018, we witnessed the US and even NATO forging ahead in the war against cyber criminals. For CEOs, understanding and adapting to this evolving landscape is not just a matter of compliance but a strategic imperative.

    The dynamics of modern cybersecurity regulations

    Regulations have become more intricate and stringent in response to the escalating threat landscape. A prime example is last year’s SEC cybersecurity rules, which mandate public companies to divulge comprehensive information about their cybersecurity risks and the strategies to mitigate them. Moreover, these rules also advocate for the active involvement of CEOs in overseeing cybersecurity policies. This signifies a paradigm shift toward a more proactive and vigilant approach to safeguarding company assets.

    CEOs must also recognize that cybersecurity regulations vary from one country to another. Depending on the physical location of their clientele, businesses might have to adhere to multiple regulations. Take, for instance, the EU’s GDPR. It stands as one of the most rigorous cybersecurity regulations globally, applicable to any entity that handles the personal data of EU citizens. Imagine a business serving the US, Europe, and India: the SEC’s cybersecurity rules, GDPR, the US’s national cybersecurity strategy, India’s Data Privacy Bill, and many more all come into play, which requires CEOs to possess an intimate knowledge of the specific regulations applicable to the data they handle.

    Fines are only the tip of the iceberg in terms of the financial consequences of non-compliance. Legal fees, forensic investigations and potential lawsuits can take a heavy toll. Take GDPR as an example. Violations of its stringent data protection regulations can result in fines amounting to 4% of a company’s global revenue or €20 million, whichever is higher. This serves as a stark reminder that non-compliance can have severe financial repercussions, with the potential to cripple even the largest corporations. Additionally, there’s the less tangible but equally significant cost of lost opportunities and market share as customers migrate to competitors they perceive as more secure.

    Beyond the financial repercussions, reputation is another currency no CEO can afford to squander. A cybersecurity breach can inflict immeasurable damage to a company’s standing, eroding trust among stakeholders, customers and partners. CEOs must recognize that compliance is not merely a checkbox exercise but a foundational element of corporate responsibility and trust-building.

    Navigating the regulatory landscape and ensuring compliance

    As a CEO, there are strategic steps you can take to prepare your organization for the labyrinth of cybersecurity regulations. This journey starts by embarking on a comprehensive risk assessment voyage to fathom the intricacies of your organization’s cybersecurity landscape. This entails delineating the scope of data collected and stored, identifying the systems and applications in use, and envisaging potential threats. Armed with this understanding, you can prioritize risks and craft a bespoke plan for mitigation.

    A robust cybersecurity program serves as the linchpin of your organization’s resilience. It should encompass a spectrum of security controls, including Identity and Access Management solutions for access control, Unified Endpoint Management solutions for device management and data encryption, and Endpoint Detection and Response solutions for proactive response. Additionally, establish a regimen for periodic testing and evaluation of cybersecurity compliance to ensure its efficacy.

    Lastly, the IT department and every employee are accountable for the organization’s security. The entire workforce must shoulder the onus of cybersecurity compliance. This requires a top-to-bottom commitment from the C-suite. CEOs are responsible for actively fostering a security culture, providing staff members with the skills and resources they need to recognize and address potential risks and setting the standard for the whole company. This involves regular engagement with the company’s cybersecurity strategy, understanding the risks, and making informed decisions. A well-trained workforce is an invaluable asset in the battle against cyber adversaries. This strengthens the company’s overall security posture and demonstrates a commitment to employee well-being. Concurrently, organizations must also invest in a skilled cybersecurity team to manage their compliance strategy effectively.

    Bottom line

    Compliance should not be viewed as an imposition but rather as a shared objective that aligns with the organization’s broader goals. Incentivizing compliance fosters a sense of collective responsibility and reinforces the importance of cybersecurity across all departments. While they might inadvertently strain business operations, cybersecurity regulations are no longer a choice but a necessity in the digital world.

    As the regulatory landscape tightens its cybersecurity grip, CEOs face challenges and opportunities. Embracing compliance safeguards the organization from regulatory penalties and fortifies its reputation and resilience in the face of evolving threats. By cultivating a culture of security, staying vigilant in the face of shifting regulations, and recognizing the holistic impact of compliance, CEOs can not only meet the demands of the present but also thrive in the age of cyber resilience.

    Apu Pavithran

  • Schools Aren’t Safe From Cyberattacks. Here’s How to Navigate Cybersecurity in the Modern Classroom | Entrepreneur

    Education has always been at the forefront of societal progress, shaping the minds of future generations. In recent years, as we further delve into the modern age, the traditional classroom is undergoing a profound transformation. This digital shift in education has completely changed how we teach and learn, from tablets and interactive whiteboards to online learning environments and virtual reality. This shift, however, is not without difficulties.

    The proliferation of mobile devices and cloud workspaces broadens the attack surface, making it easier for bad actors to access your network. Schools, universities and other educational institutions hold vast amounts of sensitive data, like academic records, student and parent addresses, phone numbers, etc.

    This makes them an enticing target for cyber attackers. Reports show that, from June 2022 to May 2023, there have been 190 known ransomware attacks against educational institutes. This is an 84% increase in attacks in the 6 months.

    Apart from the monetary repercussions of such attacks, the danger to a student’s privacy, the damage to these institutes, and their impact on society is genuinely troublesome. For instance, last year, Lincoln College, Illinois, a 157-year-old institution that had survived two great wars, the Spanish flu, the Great Depression, and the Covid pandemic, became a victim of multiple ransomware attacks and was finally forced to shut down.

    So, the seriousness of cybersecurity in education cannot be overstated. Fortunately, cybersecurity training in schools has been gaining steam recently. In March, the governor of North Dakota signed a bill that makes cybersecurity training a mandatory part of the curriculum for K-12 students. However, safeguarding privacy and securing endpoints and networks while providing an unhindered learning experience is tricky.

    The balancing act between security, privacy and productivity

    In an increasingly interconnected world, where technology is deeply integrated into education, protecting students, institutions and their data is a prime concern.

    The backbone of any institution’s security lies in its network infrastructure, which serves as the foundation for its cybersecurity. Strong firewalls, intrusion detection systems, secure network access controls and threat prevention systems are essential components of a secure network. Furthermore, to avoid unauthorized access and data breaches, monitoring the network and fixing any vulnerabilities regularly is essential.

    Along with the network, securing the endpoints is also pivotal as more and more schools provide computers, tablets, or mobile devices in the classroom. Instituting policies that require the use of strong, periodically updated passwords and regularly applying security patches and updates to operating systems are essential to keeping these devices secure. Alternatively, utilizing a Unified Endpoint Management (UEM) solution will provide endpoint security features such as enforcing strict password policies, remotely pushing app and OS updates or patches, etc.

    Apart from securing endpoints, when the number of devices keeps increasing, managing them and ensuring they are not misused creates another hurdle. Provisioning all school-owned devices with a UEM allows administrators to hone these devices into focused learning tools. Its app management capabilities help push essential applications to the devices directly from the UEM console without any external user intervention.

    Moreover, any undesirable apps could be blocked or restricted from being installed on the devices. The web content filtering capability does the same with websites, preventing students from visiting unwanted or malicious sites. A UEM supporting multiple operating systems also removes the hassle of using a different solution for each OS.

    Educational institutions will always have a significant quantity of sensitive and personal data. Therefore, it is imperative to protect this data to retain the privacy and confidence of students, parents, and staff. The scariest part is that losing sensitive data, such as student records, can put students or their families at risk of dangerous attacks such as phishing scams or even identity thefts. One way to prevent this is to employ strong data storage procedures and encrypt data at rest and in transit.

    To that end, deploying a Data Loss Prevention (DLP) solution goes a long way in protecting data privacy. A major element of avoiding breaches of such nature consists of closely monitoring the flow of sensitive data. DLP systems can help these institutes track and protect their data by enforcing preconfigured policies. Additionally, institutions must make it a top priority to comply with data privacy laws like the Family Educational Rights and Privacy Act (FERPA), the General Data Protection Regulation (GDPR) or other legislation based on your location.

    Finally, no cybersecurity system is foolproof, which is why educational institutions must have a well-defined incident response and disaster recovery plan in place. The effect of a potential cybersecurity incident can be reduced by regularly backing up important data and testing disaster recovery plans, ensuring that the institution can recover quickly and carry on with business as usual. In the event of such an attack, having a cyber insurance policy offers a solution to diminish the fallout. An insurance policy covers the monetary expense in the face of ransomware, data breaches and other cybersecurity dilemmas.

    Promoting a culture of cybersecurity awareness

    A fundamental step in constructing a formidable cyber defense is developing a culture of cybersecurity awareness. Strong password usage, recognizing phishing attempts, and preserving personal information are just a few of the safe online habits that may be inculcated through regular training sessions and awareness programs. The changes brought by North Dakota in its curriculum and pedagogy are a palpable example of promoting cybersecurity awareness.

    As educational institutions become more dependent on technology, addressing cybersecurity is not an option—it is a necessity. Schools and colleges move towards a more secure zero trust-based architecture by fostering a culture of cybersecurity awareness, installing secure network architecture, preserving data and privacy, enhancing endpoint security and developing proactive incident response procedures. With cyber scams getting more problematic to identify, going forward with a zero-trust mentality can bolster their security architecture and protect their students and data.

    Apu Pavithran

  • The $8 Trillion Risk: Why Investing in Cybersecurity Will Save You Future Pain and Risk | Entrepreneur

    Today’s cyber threat landscape is elaborate, fast-paced and continuously evolving. The complexity of such threats has raised the predictions that the total cost of cybercrime will exceed $8 trillion by the end of 2023. It includes, for example, the money stolen by cybercriminals, the subsequent investments in security tools and services, and the money spent on ancillary activities such as staffing, remediation, legal fees, fines and more.

    So, why do many organizations still fail to see cyber hygiene or even cybersecurity as a boardroom priority, even in 2023? Many business leaders, especially small to medium-business leaders, fail to perceive themselves as targets. From their perspective, spending more on cybersecurity is a wasted effort, and those resources can be used elsewhere.

    On average, companies worldwide only allocate around 12% of their IT budget to IT security! Thus, persuading the boardroom to invest in cyber hygiene can be challenging. However, while it is hard to implement and even harder to maintain, these habits, security practices and solutions help make the world safer. And that is where every organization needs to start.

    Reviewing the numbers

    Looking back at just a year, cyberattacks worldwide have shown a 38% increase in 2022 compared to 2021. The attack on the Australian health insurance provider Medibank, the data breach on the Los Angeles Unified School District (LAUSD) or even the social engineering hack on games company Rockstar are just a few of the thousands of data breaches happening all over the world.

    Interestingly, these breaches, like most, could have been prevented with good cyber hygiene. Furthermore, the examples I chose demonstrate that attackers seem unconcerned with a company’s size, location or industry. Yet, even with cyber threats like data breaches, phishing scams and ransomware, cybersecurity investments fall short.

    Over the last few years, we’ve made great strides in security, especially following the global pandemic. Still, a study conducted by Foundry shows that 9 out of 10 security experts still believe their organizations are not prepared to address the risks of a cyber-attack.

    Investing in cyber hygiene: a checklist

    So, what can we do? Establishing a strong and resilient cybersecurity architecture demands deploying security measures on multiple fronts such as data, devices, employees and network. Any elementary security architecture must include solutions to enforce strong password policies, protect data in transit and at rest, identify and protect against attacks and regularly back up mission-critical data. This seems excessive, especially considering how limited the budget is. Yet, acquiring as many tools as possible within your financial limits shouldn’t be your final objective. The most effective strategy results from selecting the appropriate collection of tools after carefully assessing one’s demands and the current level of security precautions. The solutions I’d suggest include the following:

    • Identity and access management (IAM) solutions to ensure the right user is linked to the right resources
    • Unified endpoint management (UEM) solutions for securing endpoints and managing, patching and updating operating systems and applications
    • Extended detection and response (XDR) or endpoint detection and response (EDR) solutions to detect and mitigate new and existing vulnerabilities
    • Remote browser isolation (RBI) for a safer browsing experience
    • Firewall as a service (FWaaS) to protect the perimeterless network border
    • Additionally, a combined implementation of Zero Trust Network Access (ZTNA) or Software-Defined WAN (SD-WAN) can provide faster connections, improve latency and secure your remote workers.

    Also, it would be wise to select solutions that already have established interconnections among them. This would offer more centralized and seamless access, thereby reducing the workload on your IT administrators and saving you from recruiting larger teams.

    Alternatively, some vendors offer multiple tools in a combined package. For example, Cisco Umbrella offers RBI, SD-WAN, and much more, Hexnode provides IAM and UEM capabilities, and Okta gives you both ZTNA and IAM. Make sure to carefully examine such vendors and the integrations between them before finalizing your architecture. In my experience, customers have always preferred a consolidated approach because, economically or due to staffing, they can’t handle the complexity of multiple solutions.

    Roadblocks along the way

    We are all aware that the financial facet of any venture will inevitably be difficult. Assuming that the aspects mentioned above align with your company’s objectives, the next question would most likely concern the return on investment. It might be challenging to locate the facts and data needed to identify the advantages of cybersecurity hygiene. I would suggest reviewing the financial implications of previous data breaches and comparing those numbers against the investment cost. You will discover that the cost of a breach dwarfs the cost of the investment.

    Another hurdle is the monotony associated with good security hygiene. A robust security architecture requires periodic observation, maintenance and upgrades. This is often a bit boring, especially for non-tech-savvy investors, entrepreneurs and leaders. Additionally, the repetitious nature might cause inaccuracy and personnel exhaustion. The only solution is to clearly communicate the necessities of cyber hygiene and make them understand that security is an ongoing process rather than a one-time stop. Also, using tools to automate tasks and setting reminders can help employees stay on track without it being a bother.

    The recession bound to happen this year will surely put an even tighter hold on the already stretched budget. However, being the victim of a cyberassault during such trying times would be a far scarier reality. As business leaders, we must pay close attention to the hazards and repercussions of a cyberassault in our organization. Thankfully, many businesses are unwilling to face the risks associated with losing client data and having production or operations halted due to a system breach. If they do, it is either out of ignorance or a lack of a thorough understanding of the entire process.

    Apu Pavithran
