Cyber Security Most Common Pitfalls

The Cyber Crime Industry Thrives On Our Negligence.

JAWAHAR DHAWAN
Yap Café™
3 min readDec 13, 2021


A six-trillion-dollar industry, cyber-crime is built on negligence, most of it human. ISO 27001:2013 certification is a step that most organisations take poorly. People lose money and peace of mind through no fault of their own: they trusted a company with their information and the company chose to neglect its security.

Cybercrime is estimated to cost a staggering six trillion dollars a year by 2021.

There are many tools and certifications that organisations adopt to safeguard their data from cyber-crime, and many businesses insist on specific certifications before they enter into a transaction or collaboration with another company. In particular, tender and bidding situations commonly require a participant to hold at least ISO 27001:2013 certification.

What’s ISO 27001:2013?

ISO 27001:2013 is an International Standard that provides the requirements for establishing, implementing, maintaining and continually improving an Information Security Management System (ISMS).

An ISMS preserves the confidentiality, integrity and availability (CIA) of information by applying a risk management process, and gives interested parties confidence that risks are adequately managed.

The standard's ten clauses (clauses 4 to 10 carry the mandatory requirements) and the fourteen control domains of Annex A, 114 controls in all, help an organisation achieve its ISMS goals: securing people, processes and technology, not just IT.

How is ISMS being cheated?

Organisations manage their ISMS poorly: deviations are overlooked and accepted. "Who's looking?" is the attitude; everything will be put in order at the time of the audit. Thus the ISMS is limited to audits only.

Ticking off the ten clauses and the fourteen Annex A domains (114 controls, counting the subsections) and then declaring the ISMS implemented is a big misconception, canvassed by consultants and bought by enterprises.

The fourteen Annex A domains are generic. An organisation can add controls of its own, and the standard lets it exclude Annex A controls as long as the exclusion is justified in its Statement of Applicability. The point is to treat the organisation's actual risks, not to implement everything mentioned in the standard. Trying to bolt on all fourteen domains or their subparts regardless of risk can do more damage than good.

Management says, "Yeah, these boys are doing some security activity. We have just appointed a CSO (Chief Security Officer)." That attitude needs to change: security must be management-driven. Providing funds isn't sufficient. Management needs to own it and drive it.

Organisations choose to grab the low-hanging fruit. Some certification bodies sell certificates at throwaway prices, with no mess, no documentation, no audits, and a glorified, fictitious ISMS scope statement on the certificate, sometimes even listing activities that the organisation doesn't carry out.

The fallout of a mishandled ISMS.

Cyber attacks follow, and the data of millions of individuals is stolen, sold on the dark web and then used.

It is used to carry out financial fraud, terrorist activity, cyberbullying, blackmail and other nefarious activities.

Look at your bank statements very carefully. You may see small amounts, a few cents at a time, being deducted at frequent intervals. These transactions carry narratives very similar to genuine bank charges and so go unnoticed.

The Impact of cyber attacks

A quick, hypothetical back-of-the-envelope calculation.

Twelve cents siphoned out of five million bank accounts across the globe is $600,000 per pass. Repeated roughly three times a month, that makes nearly twenty-two million dollars a year.
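The two points above, spotting the micro-charges hiding among legitimate bank fees on a statement and scaling the same trick across many accounts, can be checked with a short script. This is an added example, not code from the article: the statement rows are constructed, and the under-one-dollar threshold and the three-occurrence minimum are assumptions chosen for illustration. It groups small debits by their narrative after stripping per-transaction reference numbers, so that "SERVICE CHARGE REF 88213" and "SERVICE CHARGE REF 88461" count as the same recurring charge.

```python
# Added example (not from the article): flag small recurring debits whose
# narratives mimic bank charges, then scale the haul across many accounts.
from collections import defaultdict
from datetime import date
import re

# Constructed sample statement: (date, narrative, amount); negative = debit.
STATEMENT = [
    (date(2021, 11, 1), "SALARY ACME CORP", 4200.00),
    (date(2021, 11, 3), "SERVICE CHARGE REF 88213", -0.12),
    (date(2021, 11, 5), "GROCERY MART", -63.40),
    (date(2021, 11, 13), "SERVICE CHARGE REF 88461", -0.12),
    (date(2021, 11, 15), "MONTHLY ACCOUNT FEE", -5.00),   # genuine fee, not flagged
    (date(2021, 11, 23), "SERVICE CHARGE REF 88790", -0.12),
    (date(2021, 12, 3), "SERVICE CHARGE REF 89102", -0.12),
    (date(2021, 12, 4), "COFFEE HOUSE", -3.80),
]

SMALL_DEBIT_LIMIT = 1.00   # assumption: debits of a dollar or less are "small"
MIN_OCCURRENCES = 3        # assumption: fewer repeats is not yet a pattern


def normalise(narrative):
    """Collapse digits so per-transaction reference numbers group together."""
    return re.sub(r"\d+", "#", narrative.upper()).strip()


def find_micro_charges(rows, limit=SMALL_DEBIT_LIMIT, min_count=MIN_OCCURRENCES):
    """Return {narrative: {count, total, avg_gap_days}} for recurring small debits."""
    groups = defaultdict(list)
    for when, narrative, amount in rows:
        if amount < 0 and -amount <= limit:
            groups[normalise(narrative)].append((when, -amount))
    flagged = {}
    for key, hits in groups.items():
        if len(hits) < min_count:
            continue
        hits.sort()
        gaps = [(b[0] - a[0]).days for a, b in zip(hits, hits[1:])]
        flagged[key] = {
            "count": len(hits),
            "total": round(sum(amount for _, amount in hits), 2),
            "avg_gap_days": sum(gaps) / len(gaps),
        }
    return flagged


def annual_haul(cents_per_pass, accounts, passes_per_year):
    """Back-of-the-envelope size of the same trick run across many accounts."""
    return cents_per_pass / 100 * accounts * passes_per_year


if __name__ == "__main__":
    for key, info in find_micro_charges(STATEMENT).items():
        print(f"{key}: {info['count']} debits, ${info['total']:.2f} total, "
              f"about every {info['avg_gap_days']:.0f} days")
    # Twelve cents, five million accounts, three passes a month (36 a year).
    print(f"scaled up: ${annual_haul(12, 5_000_000, 36):,.0f} per year")
```

On the constructed statement the script flags one pattern, four twelve-cent "SERVICE CHARGE" debits roughly ten days apart, while leaving the genuine five-dollar monthly fee alone because it is above the small-debit threshold. The normalisation step is the part worth copying: without it every reference number looks like a different merchant and the repeats never line up.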

The opportunities for financial cyber attacks alone are limitless: credit cards, securities, bank accounts, insurance, cargo, ticketing, retirement funds and many more. The non-financial side can be a nightmare.

Conclusion

Say no to quick fixes.

Gain knowledge, educate, discuss, and be cautious about where and how information is stored.
