Looking forward to 2022, we can expect another period of dealing with the invisible and deadly COVID-19 virus. Three years in, it has changed how we live, work and interact with others nationally and globally. We have trained ourselves to keep to our one-metre distance in public places, wash our hands thoroughly, and use sanitisers.
We wear masks and use technology to track our activity in case of possible exposure, to communicate sites of interest and, more recently, as a vaccine pass. It’s true to say that these measures have worked, and it is also true that we will have these methods at the ready once we get past this season of the disease and see another pandemic coming our way. But, as much as it has disrupted our personal lives, it has also affected our businesses. It has upset inbound and outbound global supply chains, put burdens on hospitality, increased remote working from home (turning our homes and lives on end), and meant meeting online at all hours of the day and night, not to mention reading and responding to more emails than we would like to.
And that has also seen us come across an increase in other invisible, deadly killers to business: forms of malware, delivered primarily via email phishing to unsuspecting individuals or through vulnerabilities in weak and underperforming technologies. So for every notable reported attack (the NZX in 2020 and the Waikato DHB in 2021, for example), there are an untold number of those that go unrecognised and unreported.
All of the cybersecurity predictions for 2022 and beyond are pretty much alike: expect more, expect worse, and expect harsher damages from attacks. We will see an increase in ransomware and attacks against mobile and IoT devices, a rise in frequency, and sophisticated methods of avoiding detection.
What can you do?
An Information Security Management System (ISMS) is not just an assortment of technology; it is the collective series of methods that a company employs to achieve its cybersecurity goals. Most companies have some form of implementation (or parts thereof), but differing requirements and ways of achieving them typically let them down. Here are four common suggestions and steps for every business in 2022:
- Conduct a Cybersecurity Assessment
I hear a lot of, “We don’t know what we don’t know,” and that is precisely what hackers exploit. An audit performed by an independent cybersecurity professional outside of your organisation or service provider will ensure an evidence-based, impartial review, define gaps, and make appropriate recommendations, and it is well worth the cost. You wouldn’t let your accounting department do your financial audit, and likewise you should look outside for your cybersecurity review.
- Understand and incorporate good governance
The NZ Privacy Commissioner revised the Privacy Act of 2020. It has new rules and penalties around digital information and for failure to recognise and protect the privacy of your stakeholders.
They have a free short 30-minute e-Learning course that will help you and your employees get to know the regulation. Combined with appropriate policies and procedures, they set the tone that management takes the security of the business seriously, thereby protecting the needs of all employees, suppliers, and customers.
- Apply 3 pillars for protection
There are three foundational pillars of cyber protection that every business and individual should adopt to defend themselves against harmful threats: training (securing people), email filtering (securing communications), and deploying next-generation antivirus (securing technology). These three methods are similar to the preventive measures we apply to COVID-19. Individually, they won’t prevent an attack, but together, they help reduce the risk and damage from one.
- Stay aware
CERT NZ, SecurityBrief NZ, and other security bulletin websites can provide knowledgeable, timely information about what is happening in New Zealand. Just ten minutes a day is all it takes to stay ahead of the game.
Unlike COVID, threats from cybersecurity attacks will never go away, and like COVID, everyone is a target. So vigilance and resilience are our number one defence, and taking it seriously now and every day is the only way to guarantee your cybersecurity looking forward.