Security is the first priority of all organizations. In the new world of business, digital channels have become the major mechanisms and information fuels the growth of organizations. Amid the economic recession in 2021, business organizations are more likely to become targets of cyberattacks at any time. Such attacks can affect businesses in numerous ways, including their work processes, the confidence of partners and customers, and their future competitiveness.
Business organizations tend to face more risks due to their operational expansion through online channels, which have virtually become the main platforms of many businesses. Under these circumstances, business organizations are exposed to risks almost around the clock, unlike their previous operations that were mainly offline. It is more difficult to guarantee security because online incidents can happen swiftly, within a fraction of a second.
Grave danger awaits many organizations that see the digital world only optimistically, as a world of opportunities for business growth and new sources of revenue. They simply overlook the fact that risks lie in every opportunity, and thus do not attach importance to business security. It is like a house expansion project that omits fence reinforcement. The latest report by the World Economic Forum shows that nearly 80% of the organizations that are to enter the digital world are not adequately prepared to cope with cyberattacks.
Moreover, the ongoing economic recession amid the COVID-19 pandemic is promoting cyberattacks.
Google reported that it found as many as 18 million phishing emails were sent daily in April 2020. Other online threats are also rising. They include ransomware that attacks business data and fraud related to online purchases.
Therefore, security and defense against threats are top priorities for businesses because damage caused by cyberattacks is growing. The worldwide damage is expected to reach 180 trillion baht in 2021 and increase to 315 trillion baht in 2025, according to Cybersecurity Ventures, a research firm on cyber security in the United States. The average damage to an attacked organization is estimated at 115 million baht. It will take as long as 280 days to find an attacker and fix an attacked system, according to IBM. Reports said that information retrieval costs nearly 10 times as much as prevention.
Besides, as many business organizations digitize most of their systems, attacks hit not only information but also the main systems that run businesses. Consequently, damage can be great enough to stall businesses, pose financial risks or shatter confidence in businesses. The greater the damage is, the higher the cost of system restoration will be. Organizations must attach great importance to the following three areas to secure their business in 2021.
Reinforcing 3 areas to eliminate cyber threats
Although online channels are important in the present world, defense should cover both online and offline perimeters. This is because the border between the online and offline worlds has been fading and both territories have become virtually one.
Therefore, organizations must do their best in defense and risk reduction. This is possible by improving security in three areas: people, processes and technologies. This will eliminate the risk of organizations being targets of attacks and facilitate business in the digital world.
Most operators may assume that organizational security requires heavy technological investment to eliminate risks in their systems. In fact, their personnel are the most important area to take care of when it comes to cybersecurity. Worldwide statistics show that people are the weakest and most common target of hackers. Their important information is stolen through phishing emails, ransomware and fraudulent phone calls that lure personnel into sharing their information. The COVID-19 pandemic forced many companies to allow their staff to work from home, and this makes personnel-related security efforts more difficult.
Therefore, the first step towards organizational security must begin with protecting personnel from cyberattacks. Organizations should raise security awareness among staff. There are many methods to do this, including training on various forms of cyberattacks, tips on how to respond when devices come under cyberattack, and incentives to encourage staff to pay more attention to cybersecurity.
Organizations have different processes to ensure their cybersecurity. However, it is important to have strong governance on the issue as follows.
- Systematic policies on organizational security. Examples are access control to protect the information of organizations, encryption that requires identity verification, and regular information backups to reduce damage in the event of data loss or theft. There should also be measures to secure working environments, including restricted access to server rooms, buildings and equipment rooms. They can be equipped with security devices such as surveillance cameras and biometric scanners at entrances.
- A dedicated team to supervise organizational security. Such a team will supervise the operations of different departments of an organization and ensure that they comply with its security policies. Besides, the team will update tools or software, maintain the security of data networks, install programs on the computers of staff, authorize access to information, etc.
- An emergency response plan in the event of cyberattacks. This is to reduce the possible damage to the business and to maintain as many operations as possible when there are untoward incidents such as system crashes, information leaks and data theft.
Organizations should allocate a budget specifically for security investment. The investment process can start with risk assessment to find loopholes in their systems, followed by the selection of the technologies, tools and software that will boost security. There are 4 suggested parts of a budget to cope with cyber threats: 1. discovery, 2. investigation, 3. containment and 4. recovery.
Investment in capabilities to detect cyber threats is and will be increasingly important because organizations are accumulating information and increasingly sharing it internally. Therefore, the early detection of threats can significantly reduce damage from cyberattacks. Security technologies for such detection include Intrusion Prevention System (IPS), Intrusion Detection System (IDS), Unified Threat Management (UTM) and Data Loss Prevention (DLP).
Regarding the three other parts, namely investigation, containment and recovery, organizations have more technological choices that will boost efficiency and cut costs.
They are cloud services that facilitate investigation into the sources of cyber threats; automation, artificial intelligence and machine learning; and advanced analytics that speed up the containment of threats and information recovery.
In a world that is full of uncertainties and risks, security is the first priority of organizations. However, it is difficult to achieve, especially in organizations unprepared in this field, because it requires comprehensive knowledge. This refers to the assessment of organizational systems, the formulation of security policies for both short and long-term risks, and emergency response plans. Besides, organizations must know how to choose and apply technologies that suit their contexts. Therefore, seeking advice from experts who can offer adequate assistance that covers preparation, strategies and implementation is another option to strengthen the security of organizations before they fall victim to cyber threats and face incalculable damage.
For more information and updates about Bluebik, please contact us at