The fight against Covid-19 inspires companies to improve cyber hygiene
The Covid-19 pandemic has changed the hygiene habits of people in all four corners of the globe. Health safety measures such as frequent hand-washing, going into quarantine, getting vaccinated and wearing a face mask to keep viruses at bay are now deeply etched into our consciousness. While the pandemic is apparently subsiding, remote work and online shopping have given rise to a new form of crisis: cyber pandemic. Today, various kinds of cyber attacks are on the rise. Companies that fail to put in place measures against this new pandemic could see their operations easily disrupted by cyber attackers. At worst, an entire business could meet its own demise.
- Be aware of security risk in digital transformation given the highly infectious nature of computer viruses
- Types and impact of severe cyber attacks
- Take preventive steps by drawing reference from anti-Covid pandemic measures
- A good sense of cyber hygiene helps reduce risk of infection
- Managed security services for self-protection: the way to go amid shortage of talent and funds
Content
Be aware of security risk in digital transformation given the highly infectious nature of computer viruses
Viruses are worrying because they are infectious. According to the World Health Organisation, the average infection rate of the SARS virus, which Hong Kong people are familiar with, is 1:2-4 , and that of the Zika virus, a mosquito-borne flavivirus, is about 1:2 to 6.6 , compared to 1:2.5 for Covid-19. If an epidemic is not controlled properly, it will lead to widespread community outbreaks and serious loss of lives and properties. The same is true for computer viruses. According to a cyber security report, the infection rate of cyber attacks is at least 1:27, and that of the computer worm, slammer, is even more striking, doubling every 8.5 seconds on average. A computer attacked by such a virus may face dire consequences.
Meanwhile, because of the Covid-19 pandemic, many companies have sped up their pace of digital transformation. They are adopting more remote work tools and are becoming more dependent on cloud applications and online shopping platforms in order to maintain their operations. As a result, these companies now face a much higher risk of cyber attacks. The cyber security report also pointed out that cyber attacks against corporate networks in 2021 increased notably by 50% compared to 2020. All these indicate it is high time for companies to ramp up their cyber defence capabilities.
Types and impact of severe cyber attacks
Type of cyber attack | Introduction |
Ransomware | The attacker encrypts a company’s computers and computer files with advanced algorithm encryption, forcing the company to pay a ransom for decryption. The attacker also steals the victim company’s confidential data in what is a double extortion. |
Infostealer | The attacker mainly wants to steal a target company’s confidential information, such as information related to intellectual property technology, financial reports and customer data. Such information will then be sold in the black market or used to blackmail the victim company. |
Phishing | The attacker sends phishing emails to employees of a target company, luring them to open a malicious link or file. Using a malicious link, the attacker can extract login details of the employees to carry out further attacks. A malicious file, on the other hand, enables the attacker to install malware in the internal network of a company, such as Trojan horse and ransomware. |
Distributed Denial of Service | A botnet manipulated by the attacker bombards the victim company’s server with invalid requests trying to connect to the server. The purpose is to overload the server and exhaust its computing resources, thereby causing suspension of the company’s operations. |
Take preventive steps by drawing reference from anti-Covid pandemic measures
Covid-19 preventive measures | Measures to prevent cyber attacks |
Real-time virus tracking | Collect the latest threat intelligence, and get to know the methods used by different cyber criminal syndicates as well as the characteristics and attack methods of different malware and their variants, so as to boost the detection and interception capabilities of network security tools. |
Predict infections based on big data | Use artificial intelligence to analyse virus data and news, and predict the trends of cyber attacks and how they evolve. This can help strengthen a company’s cyber security and prevent cyber attacks. |
Strictly implement quarantine measures for travellers | Establish a “zero trust” security policy. For example, implement strict account authentication and adopt the practice of privilege management. Depending on their ranks, employees’ access to sensitive data can also be restricted. |
Build isolation facilities | Adopt a variety of isolation solutions, such as opening suspicious-looking email attachments or web links in a sandbox, and using the micro-segmentation technique to divide internal networks and infrastructure. Sandbox enables employees to work without disturbance while preventing a virus from spreading. The micro-segmentation technique enables a company to keep the scope of cyber attacks or virus infection under control, thus minimising losses. |
A good sense of cyber hygiene helps reduce risk of infection
In the fight against the Covid-19 pandemic, there are surely ways to keep the virus at bay, but not all anti-pandemic measures are watertight. Nonetheless, if people can maintain good hygiene habits and observe social distancing rules at the beginning of each wave of the pandemic, they will be able to avoid infection and help curb the spread of the virus. In terms of cyber security, more than 90% of cyber attacks on companies are man-made incidents. Therefore, company managers should raise employees’ awareness of the importance of cyber hygiene.
Raise awareness of cyber security | Provide regular training to employees to raise their cyber security awareness. Illustrate with data and real-life examples related to their profession.This will make it easier for them to understand the problem, lower the chances that they will open malware or phishing links, and enable them to understand the latest cyber attacks methods. |
Self-test | Conduct penetration tests on a regular basis to check for any loopholes in infrastructure. Through these tests, a company can also identify employees with a weaker sense of cyber security and then provide them further training. |
Safe vaccination |
|
Use safety equipment |
|
Managed security services for self-protection: the way to go amid shortage of talent and funds
To counter increasingly sophisticated cyber attacks, companies must keep improving their cyber hygiene. However, some enterprises with limited resources and talent well-versed in cyber security simply cannot afford advanced security tools or do not have the money to hire full-time talent. Besides, with the ever-changing attack strategies of cyber criminal syndicates, it seems companies can hardly avoid being attacked in the cyberspace.
To overcome the challenge, many companies around the globe now use managed security services or services provided by security operation centres. Small and medium-sized enterprises with limited resources in particular prefer tackling cyber security issues with the help of cyber security experts and advanced analytical tools. The solutions on offer cover different areas, including secure network connections, login permission, traffic distribution and control, and network segmentation. Managed security services also help companies detect potential loopholes and solve security issues.
News & Events
Keep up to date
-
04 Dec
Ricoh selected amongst the Financial Times “Best Employers Asia- Pacific 2025”
-
27 Nov
Ricoh received top five-star rating in the SDGs Management edition of Nikkei Sustainable Comprehensive Survey 2024
-
14 Nov
Ricoh IM C320F Wins a 2025 Pick Award from Keypoint Intelligence
-
31 Oct
Ricoh publishes Ricoh Group Integrated Report 2024 and Ricoh Group Environmental Report 2024