Bangkok April-May 2022
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
BUSINESSES NEED TO STRENGTHEN
THEIR ONLINE DEFENSES
The war in Ukraine and its diplomatic
conflict with the west continue
to escalate, the warnings that Russian
hackers could go after foreign
businesses have gained new urgency.
Businesses should strengthen
their online defenses, as cyberattacks
could be used as a means of
escalating the crisis. In a March 18
advisory to US businesses the FBI
warned that hackers linked to Russian
internet addresses have been
scanning the networks of five US energy
companies.
And experts have warned of 'significant'
vulnerabilities in systems
that Russian hackers can exploit, as
evidenced by attacks last year that
breached Florida's water supply, hit
one of the world's largest meat producers
and shut down one of America's
largest fuel pipelines for several
days.
Here's what businesses can do to
better protect themselves.
Updates, patches and backups
It may sound like an obvious and
straightforward fix, but experts say
keeping your system's software up
to date is an important way to prevent
many attacks. Those software
updates will often include security
patches to fix loopholes that hackers
can and do exploit.
"It's like raising the cost for the
adversary... if I make it a little harder,
they go on to the next victim," said
the Cyber Readiness Institute, which
provides resources for businesses to
shore up their cyber defenses.
Multi-factor authentication, which
supplements passwords with an additional
login method such as a numbered
code from a separate device or
a fingerprint scan, is also becoming
something of a must-have for companies
to secure potential entry points
into their networks.
It's important for businesses to
also have a contingency plan in case
they do get attacked, and one of the
best ways to do that is having backups
of critical or sensitive data stored
outside the system.
"Can I restore operations from
my data backups if I go down? Do
I have an alternate way to do business?"
the institute says "Those are
the business resiliency, the continuity
plans that small businesses have to
have, and in the middle of the crisis is
not the time to find out I have a gap."
Cyber insurance
As the risk of cyberattacks increases
— particularly ransomware
attacks that can extract millions of
dollars to restore systems — companies
are increasingly opting for additional
insurance plans that can help
pay for damages and losses from
cyberattacks.
Demand for cyber insurance has
gone up in recent years, according to
providers and industry experts, driving
up premiums for those plans by
as much as 22% between 2019 and
2020. But for companies that can
afford it, it's a good way to not only
protect against damages but also
to keep them more vigilant against
threats in the first place.
'This is different': Why internet
backbone services are cutting off
Russia
Cyber insurance is becoming extremely
expensive, but also kind of
levying requirements on businesses
to make sure that they're covered
and protecting themselves as well
highlighting that insurance firms will
often have a list of questions companies
have to answer and protections
they must have in place to even qualify
for a plan.
But companies should be wary of
treating cyber insurance as the beall
and end-all of protection against
attacks, Evans warns. Companies
need to evaluate their risk and make
systemic changes regardless of
whether they're protected after the
fact.
It's not necessarily: 'Oh, I bought
cyber insurance and I'm done,'".
To complicate matters further
when it comes to Russian cyberattacks,
insurance companies often
have clauses making exceptions for
acts of war and attacks by nation
states, in which case the policy does
not apply.
Employee awareness
Although companies must protect
themselves at the network and system
level, past precedent shows that
attacks can originate from even a single
compromised device, account or
email address.
Three of the four pillars of cyber
protection that the Cyber Readiness
Institute urges companies to address
— weak passwords, external USB
drive usage and phishing attacks
(where hackers use deceptive links
to obtain personal data) — tend to
exploit individual users.
When you look across the board,
it's a culture change that has to happen.
No matter what the size of an
organization is — it's the leadership,
it's the CEO, it then cascades down
to all the employees."
Ultimately, many cyber vulnerabilities
come down to human error and
lapses in judgment, and that's why
companies need to raise awareness
among employees about cyberattacks
and steps to mitigate them. The
rise of remote work during the pandemic
has further complicated that
task, with distributed workforces providing
hackers with many more potential
entry points into the network.
May be it’s time to review your
preperations!
Steve Dickens
has worked in managerial and consultancy roles
for over 40 years with international technology
companies,15 of which have been here in
Thailand He can be contacted at
stevedickens@hotmail.com