28 Apr 2021
Cybersecurity score cards will differentiate businesses as online risks rise
The world's transition to remote working and increased reliance on digital platforms poses numerous challenges for businesses, most notably heightened security risks.
Get Focus insights straight to your inbox
As people spend more time online and access office networks from home or while on the move, an increasingly sophisticated cohort of criminals are looking to exploit the vulnerabilities created by this new operating model. So how should businesses be dealing with cybersecurity? What are some of the current trends and future issues and what does success look like? These were the questions that were tackled during a recent Investec webinar.
“Attack vectors have changed now that so many people are working remotely,” affirms Herman Young, Global Chief of Information Security at Investec. “The most prevalent attacks we're witnessing globally across industries are cyber extortion attacks, where criminals try to compromise data and install ransomware.”
Unsurprisingly, cybersecurity has become a boardroom-level discussion across the globe. And South African companies remain a prolific target. Research by Comparitech ranked the country 31st out of 75 in terms of cybersecurity exposure.
As these risks and threats continue to rise, customers and partners will require assurances from the businesses they engage with that their cybersecurity measures offer sufficient protection.
“Trust remains the core component in business success. Customers need to trust that their data and their finances are safe and that systems are always available to operate and transact as more engagement happens online,” explains Young.
And in the burgeoning digital economy, a cybersecurity scorecard will become a vital measure to determine a company's trustworthiness. Cybersecurity scorecards use publicly available information collected from the internet to offer a holistic view of a company's security capabilities and effectiveness.
“From a business differentiation perspective, cybersecurity scorecards offer a visible representation of a business's security measures. And if scorecards became mandatory, they would act as a tangible measure to rate and compare financial services providers such as banks, for example,” adds Young.
While a few companies globally already produce cybersecurity scores, Young believes that a standardised scoring system applied across industries would help make entire sectors more secure.
“Irrespective of the industry and what other companies are doing, it is best to work according to some form of cyber security framework based on a universally-accepted standard. That sets the baseline for what you do beyond that,” explains Greg Griessel, Solutions Architect at Cisco.
“I think it's critically important that the banking sector takes the lead on this. At present, the industry tends to respond reactively to regulations and compliance,” continues Young.
However, an additional incentive, like the ability to attract and retain new customers, would accelerate the adoption of advanced cybersecurity solutions. This would benefit the industry and the customer given the evolving risk landscape.
Cybersecurity – the business differentiator of the future
Cybersecurity has become a hot topic in boardrooms across the world as an increasingly sophisticated cohort of criminals look for new ways to hack into our systems. Watch this video where Investec and Cisco experts unpack what this means for your business.
Cybercrime is going to become even more prolific
Even once the pandemic is over, experts predict that cyber crime's impact will only grow in magnitude as the world transitions to a digitised future amid the fourth industrial revolution.
According to cybercrime researcher Cybersecurity Ventures, global cybercrime costs will grow by 15% year-on-year to reach US$10.5 trillion annually by 2025, up from US$3 trillion in 2015.
“We will increasingly see scripting-based automated attacks, while artificial intelligence (AI) and quantum computing attacks pose significant future threats and will change the game altogether. Businesses will need to automate their defences to respond because you can't manually defend against automated attacks,” cautions Young.
While attacks with this level of sophistication are still some way off, businesses must start building quantum-resilient encryption today, believes Young and cybersecurity scorecards could proactively advance this agenda. Pioneering industry-wide cybersecurity scorecard adoption in Africa would also advance digital competencies on the continent and help local businesses compete in the global marketplace.
“The opportunity for Africa is to learn from others and leapfrog more developed economies as companies sweat sunk investments in older technologies. Cloud-based solutions offer significant opportunities in this regard,” concludes Young.