Cybersecurity Basics for Business Leaders
BANDAR SUNWAY – Clearview AI is perhaps the poster child of data privacy concerns — collecting billions of photos from public sources and the internet to hone its facial recognition technology. Imagine the horror when it announced a data breach that occurred in February last year, leaking its entire client list database.
Even without Clearview AI serving as a case study, ensuring data security was already top of our priority list. Being a facial recognition solutions provider ourselves, we are sensitive towards recent developments within the cybersecurity space, especially with the rise of ransomware and digital threat actors.
Moving forward, ensuring data security will no longer be an option but a necessity for all companies, both large and small. There are already plenty of online resources outlining best practices, but we have consolidated many of these points into actionable steps that business leaders can implement this very day.
Increased cybersecurity awareness
According to TheEdge, ransomware attacks usually stem from threat actors gaining access to employee business accounts with sufficient IT permissions. In other words, human employees are generally the weakest link, even with the latest cybersecurity infrastructure in place.
Cybersecurity awareness is first on this list because it enables organisations to take a proactive approach to protect themselves against cybersecurity threats. Most cybersecurity solutions on the market are generally passive in nature, such as e-mail scanning and network monitoring — alerting business owners of the danger after it has happened and not before.
Equipping employees with even basic cybersecurity knowledge, such as having complex passwords and identifying signs of ransomware attacks, will have compounding effects later on. It is also perhaps the easiest solution to implement immediately, requiring minimal changes to existing business processes and investments in additional infrastructure.
Many online workshops offer courses that target organisations with differing IT maturity levels. Here is a link for a local provider:
Data governance
The reliability, accuracy and safety of data hinge entirely on a foundation we call “data governance”. It is an umbrella term that encompasses the people, process and technology involved in handling data across the organisation, which includes both customer and organisational data.
How does data governance relate to cybersecurity? Well, the best way to prevent and possibly detect any threats before they happen is to have visibility over what data you have, where it is located, how it is used, and who it is being shared with.
While there are existing solutions that help business leaders keep track of these variables, it is the systems surrounding people and processes that determine the data’s journey throughout its entire lifecycle.
Hence, the most straightforward way to reduce cybersecurity risk would be formalising the entire data governance process. There are many ways to do so, from inscribing it within the employee handbook to PDFs highlighting the standard operating procedures. It is also essential to establish the chain of accountability and determine the key personnel involved at every stage of the data’s life cycle.
For readers who wish to establish such systems from scratch, a comprehensive (albeit dry) resource would be the Data Management Book of Knowledge (DMBOK).
Third-party security solutions
Would it be possible to pay our way into cybersecurity, some of our readers might wonder. In short, yes. However, most cybersecurity solution vendors will still deploy the fundamentals of data governance and cybersecurity awareness we have mentioned earlier.
The solutions themselves may vary wildly, from anti-virus/anti-malware software to network monitoring solutions; these solutions can address threats both before and after they occur within the organisation.
One solution, however, deserves a special mention. Penetration testing, or pen-test, is a service where experts evaluate the security status of an IT infrastructure by exploiting and documenting any vulnerabilities within the system — similar to white-hat hackers, in a way.
Rather than implementing cybersecurity solutions without prior investigation, it is more efficient to use pen-test services to identify the security bottlenecks and address them one by one instead. Imagine spending large sums of budget on firewall solutions just to discover that an attack has occurred through e-mail phishing instead.
Fortunately, there are plenty of pen-test solution providers currently in the market, which you can explore here, here and here.
Is it truly worth spending effort and resources beefing up cybersecurity for an attack that may never happen? Well, statistics from Sophos state that three in five companies are likely to be hit with a ransomware attack in the near future.
If a ransomware attack were to occur, the damage may be more than just the monies paid to the cybercriminals. It may damage the company’s reputation, threaten employee privacy, and even lead to a potential lawsuit. Not to mention, it is not uncommon for hackers to leverage an existing victim’s network to penetrate the IT infrastructures of suppliers, vendors and customers as well.
Perhaps the risk of not opting for cybersecurity measures is greater than that of implementing them in the first place. Regardless, WISE AI understands the breadth and depth of the sensitive information we harbour within our servers, and we take great precaution to ensure that the data in our hands remains safe and secure, now and onwards.
WISE AI is an award-winning Artificial Intelligence company specialised in digital identity technologies. We develop world-class emerging deep tech that is adopted by the government and multiple industries. Our AI-powered solutions include EKYC, digital ID, digital signature, and blockchain. Our technology is optimised for the recognition of ASEAN faces.