How SMEs Can Manage Cyber Risks When Undergoing Digital Transformation
Many companies have undertaken large-scale digital transformation to adapt to current conditions. As business operations get increasingly digitalised, cyber risk increases. A failure of any company’s information technology systems can cause financial loss, disruption, or even reputation damage.
All companies, whether large corporations or small medium enterprises (SMEs) that go online experience cyber risk. Research center Ponemon reports that 63% of SMEs worldwide have been victims of a data breach. CNBC has also reported that in 2019, 43% of SMEs were victims of data breach through phishing, which is when information leaks through suspicious email links.
Consequences Of Cyberattacks
The consequences of cyber hacking can be disastrous. As reported by US-based Cybercrime Magazine, 60% of SMEs that experienced a data breach have to discontinue operations when it happens.
Accelion Cyberattack (2021)
It is the same for large corporations. The recent cyberattack on Accelion, a file-sharing software provider illustrates these far-reaching effects. Accellion serves many clients such as US Morgan Stanley, Reserve Bank of New Zealand, and Singaporean Singtel, all of which had their clients’ data stolen when Accelion was hacked. Hackers obtained client databases by exploiting security loopholes of its outdated software. Thousands of clients’ data from various institutes and companies were stolen. While cyber security firms are working with Accelion to minimise further cyber risk, it might be too late as hackers are already threatening to make the information public.
Cyberattacks In The Relocation Industry
Data breaches are not foreign to the relocation industry as well. In Sept 2021, CMA CGM SA, the world’s fourth-largest container shipping company, confirmed that it had experienced a breach in its data security.
They reported finding ‘a limited leak of contact information related to some of our customers’ on one of their mobile apps, as part of routine checks, and the data included ‘first and last names, employer, job title, business email address and telephone number’.
Furthermore, market leader in the Logistics industry, Maersk also suffered a serious cyber attack in 2017 that also disrupted its port terminal operations.
The dangers of not acknowledging cyber risk are clear. However, most security teams feedback that corporate leaders are oblivious to these threats. Many companies do not have a cyber risk management program despite the push towards digital transformation. It is therefore important to make corporate leaders aware that such threats can affect business continuity and client trust.
Common Cyber Risk When Companies Embrace Digital Transformation
There are 3 potential cyber risks to look out for when companies embrace digital transformation.
Risk Due To 3rd Party Vendor IT Solutions
Organisations are turning to third-party vendors to support digital transformation. One common initiative is the migration of company data from internal data storage on computers or local data centers to cloud providers. Cheaper, easier solutions offered by Google, Microsoft, and others allow companies to store data off-site and run applications remotely.
Adopting cloud servers simplifies file access across different users but increases cyber risk without a strong risk management program. Hackers can easily breach servers to get data since cloud servers protect their platforms, but not the stored information. Cyber security firms have compared cloud servers to a “coffee shop”, with people going in and out as they like. This analogy is timely when thinking about how digital transformation of file access can lead to increased cyber risk.
Supply Chain Logistic Risks
Supply chains have experienced an exciting digital transformation with the use of Internet of Things (IoTs). IoTs are embedded artificially intelligent (AI) objects which support manufacturing or workflow processes.
Suppliers can now track factors that affect shipments – such as location, weather, environmental status – by leveraging on connected “things” with sensors. These IoTs can communicate analytics from finished goods, shipping containers, or warehouse stations, reducing manual errors from human reporting.
However, all this information is password protected and shared within a common network for easy access. This means a weak password or a data breach in one place increases cyber risk for the entire chain. Additionally, since IoTs operate as remote data providers, firmware updates to protect against hackers are also infrequent. This is a security loophole that increases cyber risk. Malignant programming by hackers can result in real-world consequences such as fire.
Risk Due To Misaligned Expectations
As corporations become increasingly digitised, the conflict between IT security personnel and other business units also widens. Security leaders are caught between presenting themselves as drivers of growth and change to embrace digital transformation, while remaining cautious about cyber risk.
Increasingly, security leaders cannot monitor cyber risks in other departments since users can access online platforms (e.g cloud-based servers) that bypass internal IT approval. Therefore, there is a need for security leaders to communicate clearly their expectations to other business units.
How To Minimise These Risks
It is imperative for organisations to have a cyber risk management plan. Here are ways that organisations can implement measures to minimise cyber risk.
Work With A Reliable Partner
The best strategy to start with is to collaborate with reliable partners to reduce cyber risk whilst undergoing digital transformation. This is especially true for SMEs. Hackers tend to target SMEs due to their lack of resources and training about security practices. There is less budget to implement security protocols, but plenty of client data available to be stolen.
To overcome that, working with knowledgeable, reliable partners to evaluate and determine what they need to invest in will maximise their budget, while at the same time reduce cyber risk.
Strengthen Company’s Internal Security System
One way to fine-tune the security system is to check security guidelines for all systems and software used. It can be as simple as turning off unnecessary services or using different privilege settings for different users. Ensure that your security system and all software are updated through regular scans.
Protect Outbound Data
Apart from a firewall to protect the company from incoming malware and bots, management also needs to ensure certain data never leaves the system.
Outbound filtering can lower cyber risk as it filters access to specific websites, including social media applications (i.e., Facebook and Twitter). It also includes detection of spoofing, where malware viruses are commonly spread through email with suspicious links. Internal-only networks are helpful in preventing rogue employees from stealing data or careless ones who may accidentally leak information since it prevents information access via external servers. It is also important to encrypt sensitive data to prevent exposure.
Educate Employees On Cyber Security
As workplaces embrace digital transformation, employees have to learn to be savvy about security issues, such as recognising email phishing scams and malicious messaging apps that attempt to retrieve information.
Employees also need to be smart about passwords. The local administrator’s PC password cannot be the same as the server password. A hacker can infiltrate the entire system and create havoc. Staff should also be trained to ensure personnel and financial files, as well as digital devices, are locked away when not in use.
Taking all these measures to minimise cyber risk increases cyber security in the process of digital transformation.
How Moovaz Can Help
With digital transformation especially accelerated, cyber risk becomes an increasingly urgent topic. Additionally, organisations that need to relocate individuals are further challenged by physical data leaks.
Leading the digital transformation of the relocation industry, Moovaz (both GDPR and PDPA compliant) wants to inspire freedom for our partners and clients and to allow our partners to embrace digital transformation in a seamless and safe manner.
To find out more, partner with Moovaz today.