In the aftermaths of the Wannacry-attack, a new wave of cyber-attacks based on the Petya Ransomware is sweeping the globe. Companies seems to have a tough time battling these attacks. The fact that they are repeatedly coming back is a clear sign that appropriate proactive measures are simply not in place.
It is high time to put cybersecurity higher on the agenda, in the private as well as the public sector. But how does the private sector view cybersecurity?
Board members apparently oblivious to cyber threats
The Harvard Business Review recently reported that board members within the private sector view cybersecurity as a critical political issue.
When reviewing how concerned they were about their own organisation’s level of cybersecurity, only 38% of the respondents felt a high level of concern about cybersecurity risks. 34% believed their organisation to be prepared for handling risks associated with cybersecurity.
Regulatory and reputational risks were according to the response of a higher significance, and 8% of the respondents view cybersecurity as a strategic risk to the company.
In conclusion, board members view cybersecurity as a political risk, but not a strategic risk to their company?
Could it possibly be this – some might say naïve – attitude at the very top of the business community that is creating a trickle-down effect and affecting their willingness to invest?
Palo Alto is reporting that the vector (the mean through which the malware gains access to computer or network) for the latest Petya Ransomware attack is still unknown. When looking at previous Petya and Wannacry attacks however, email has been the vector for the malware.
So, what’s the solution?
In order to come to terms with this, companies have to start using a combination of organisational, educational and technical measures:
- Train your staff and raise the awareness regarding cybersecurity and digital risks.
- Make cybersecurity a board and management issues.
- Carry out proactive measures in order to clog the security gaps where harmful malware can sip through, such as email and external web.