The Malta Independent 20 April 2024, Saturday
View E-Paper

Cybersecurity incidents – the most common causes

Sunday, 29 May 2022, 21:02 Last update: about 3 years ago

Karen Massa is a Business and IT Risk Consulting manager at EY

With no borders to contain it, the tsunami of digital transformation has washed over the global economy, bringing with it risks to not just IT and banking, but increasingly energy, transportation and other critical infrastructure. In the near future, cybersecurity will continue being more of a priority as the business world becomes increasingly digital and cyber threats grow in number and sophistication.

Over the past two years, every organisation has had to transform at an accelerated speed that would have been thought impossible just a short time ago. However, many organisations did not involve cybersecurity in the decision-making process, either due to oversight or urgency of the need to adapt. As a result, these organisations need to address the risks and potential vulnerabilities that were introduced during their transformation efforts at the height of the pandemic while also ensuring cybersecurity resilience for the next major disruption in this fast-moving environment.

The EY Global Information Security Survey 2021 draws on insights from over 1,400 chief information security officers (CISOs) and senior security executives. It explores the challenges they face as they position their function as an enabler of growth and strategic partner. Since the 2020 GISS report, there has been a significant rise in the number of disruptive and sophisticated attacks, many of which could have been avoided had companies embedded security by design throughout the business. The survey revealed that more than three in four (77%) respondents warn that they have seen an increase in the number of disruptive attacks, such as ransomware, over the last 12 months. Additionally, 42% are more concerned than they have ever been about their company's ability to manage cyber threats -   61% of respondents say that timescales have been too tight for cybersecurity assessments and 57% don't always know whether their defenses are strong enough for hackers' new strategies. A lapse only needs to happen once for threat actors to exploit vulnerability.

The GISS survey, as well as Security by Design, are a few of the many topics that will be explored during EY Engage, Malta's Technology Leaders Forum, which will be taking place on 1 June, in collaboration with SG Solutions Ltd, a DELL Technologies Platinum Partner for this event.

Through their experience, SG Solutions Ltd, along with DELL Technologies, have determined that there are many pitfalls through which a company may experience a cyber-attack. The following are a few examples of the most prevalent vulnerabilities and how to remediate them:

Misconfiguration of applications and vulnerabilities are common causes of data breaches With the number of applications interlinked with one another, it is good practice to limit allowed traffic. This is achieved by either limiting user access based on designated roles and keeping them updated, allowing only the required ports, disabling external access or isolating VLANs when possible, are just a few precautions to keep in mind. Always keep a lookout for vulnerability patches that are regularly provided by vendors, which not only improve the performance of their application but also close any newly discovered back doors.

Phishing emails are becoming increasingly sophisticated and harder to detect Attackers are taking advantage provided by social media platforms. The act will seem highly genuine to an uneducated victim when combined with anxiety to represent a sense of corporate urgency. These socially engineered attacks can be avoided, not only by keeping spam filters and antivirus software updated, but by making the end users more aware and by reporting when they are not sure. Phishing attack simulations can pinpoint the users who need further awareness.

Another common cause of data breaches is passwords Consumers tend to use either default passwords or the same password for all their logins and a single leaked password often leads to the compromise of many digital solutions. Using complex and unique passwords backed up with multi-factor authentication is the best way to keep your accounts safe. Make use of password managers and if possible, reset them every few months. This way if a website has been compromised and your credentials are on various databases ready to be used for potential hacks those credentials are only valid for a short period of time. Keep in mind that some of these compromised accounts have credit card details on them.

Cyberattacks, malware and phishing attacks remain an ever present risk to both private and public sector organisations.  Data loss or data breach incidents may lead to considerable fines including potential reputational damage that such risks present. In view of this backdrop, as organisations strive to enhance their information security infrastructure to prevent such incidents and prevent the loss of personal data as well as confidential business data, the focus on cybersecurity has never been sharper.

EY Engage, Malta's Technology Leaders Forum will be held at the Westin Dragonara Resort on 1 June at 11.30am. The event explores how IT enables organisations to become resilient and competitive during times of disruption. Speakers include Pascal Bornet, a globally renowned keynote speaker and author of the bestselling book Intelligent Automation.

Networking opportunities, roundtable sessions covering current industry topics and a panel discussion will also provide a unique setting to collaborate on current industry challenges and trends.

For registration visit ey.com/en_mt/events/engage


  • don't miss