There is a need for greater cyber security awareness to help employees spot online scams, especially phishing, which is still the number one cause of data breaches, according to an expert.
“With the massive amounts of data and massive effect of social media and mobiles, cyber security becomes a threat by any means. But by taking appropriate measures with the right training and properly managed IT environment; even though there’s no such thing as 100 percent secure but at least you will be secure and able to respond to any cyber threat,” said Microsoft Qatar’s Country Manager Lana Khalaf while talking to SME and startup owners at a seminar in Doha recently.
According to the 2019 Data Breach Investigations Report (DBIR) conducted by Verizon, about 43 percent of the incidents in the study were breaches involving small business victims, followed by breaches of public sector entities at 16 percent, breaches involving healthcare organisations at 15 percent, and breaches of the financial industry at 10 percent.
Khalaf added: “If you look at the security breaches that happen, most incidents are from phishing wherein end users are clicking the bait on their devices. This means there should be a lot of awareness on cyber security.
“So what we usually do and actually advise our customers and partners is to conduct a massive anti-phishing campaign. So we attack ourselves and check the click rates from the statistics. From there we conduct awareness and training sessions. And year over year, we have seen a tremendous decline in phishing susceptibility in the companies”.
Cyber attacks cost the global economy $600bn annually, at an average of $3.86m per breach, said Booz Allen Hamilton in its “The Resilient Equation” report.
GCC organisations spend approximately $3.5m per year on identifying and restraining data security breaches, far ahead of the global average of $2.1m. Booz Allen Hamilton noted that despite such enormous spending, GCC organisations take longer than their European counterparts to contain a breach, with the average reported time in the GCC standing at 260 days, compared to just 138 days in Europe.
Khalaf added: “The most important thing when a security attack occurs, is not that you were attacked, but the ability for you not to be affected by the attack. Making sure you have a disaster recovery in place, your data will not be stolen and your identity is properly managed and secured”.
As part of its cyber security plan, Qatar’s National Center for Information Security has introduced a risk management framework for Qatari enterprises. The Cyber Security Center at the Ministry of Interior (MOI) aims to link 100 government and semi-government entities by the end of 2019 to protect them against cyber attacks.
The report added that GCC governments need to take their threat mitigation and resilience response strategies a step further and make them part of the strategic corporate or national agenda.