The narration that the digital revolution will bring a lot of extraordinary solution to our daily problem is a common story nowadays. The increasing interconnectedness is predicted to boost efficiency in every aspect of life. In Indonesia, there is a huge leap in the number of total connected devices nationwide. Each year, the number of users of gadgets and other digital-related-technology is increasing. A recent report from Cisco estimated that the number of connected devices in Indonesia would grow up to 594.0 million in 2021, a significant increase from 423.0 million in 2016.[i] While this increase may show a more connected nation, increasing the flow of communication and spread of information, this technological leap also comes with its shortcomings, that is the threat of cybersecurity. This article will be discussing cybersecurity and the threat against the users of technology, more significantly, corporations.
Corporations and institutions that use the internet of things as their operational backbone are susceptible to cyberattacks. Even though the attacks happened online, it will hugely affect our life like what happened in England in 2017 with the WannaCry attack. WannaCry is one of many cyberattacks that targets company and government as a target. The WannaCry flare-up – one of the phenomenal cyberattacks that ever happened-- had closed down PCs in excess of 80 National Health Service associations in England, bringing about 20,000 dropped arrangements, 600 GP medical procedures coming back to pen and paper, and five clinics basically occupying ambulances, unfit to deal with any more crisis cases.[ii] Based on this event, it is seen that cyberattacks happened because the current technology enables the ransomware like WannaCry to attack and spread its negative impact through the enormous number of connected devices.
The cost of a cyber breach is very high. According to NetDiligence, the average cost of a cyber breach was $349,000 in 2017, while for the big company, the average cost was a lot higher, numbered at $5.9 million.[iii] The number shows that cybersecurity is a fundamental issue for every user, but also more importantly, for corporations that might suffer a bigger loss than a regular user.
Why Cybersecurity Matters
According to a McKinsey report entitled Meeting the cybersecurity challenge, there are four common trends that will push corporations to start thinking more about cybersecurity. Firstly, value continues to migrate online, and digital data have become more pervasive. More online exchanges make greater motivators for cybercriminals. Secondly, while smartphones and tablets increase our connectivity, they additionally present new sorts of security dangers: when hackers breach a gadget, it makes an easy point of entry for malware to corporate systems.
Thirdly, supply chains are progressively becoming more interconnected. It implies that an organization's barrier against assaults lays to a limited extent on the security arrangements of partners and customers. Fourthly, malicious actors like professional cybercrime organizations, political “hacktivist,” and state-sponsored groups are becoming more sophisticated in doing their act.[iv]
In one global survey, it is found that around 75 percent of executives stated that they think about cybersecurity as the best need. However, just 16 percent said their organizations are prepared to withstand digital dangers.[v] Simply spending more on the IT division is probably not going to help much. About 45 companies that are listed in the Fortune 500 organizations found a poor relationship between the amount they spend on cybersecurity as an extent of their general spending on IT, and how refined their projects are.[vi] How can corporations integrate their spending with a more comprehensive policy on cybersecurity?
Digital Resilience for Corporations
Based on another McKinsey’s report, Digital resilience: Seven practices in cybersecurity, corporations could also develop a more thorough digital resilience program with several steps. First, corporations may incorporate cybersecurity in administrative processes. Second, organize more comprehensive data resources and data-related dangers. Third, reinforce cybersecurity insurance for critical resources in each department. Fourth, connect all employees because each of them has a part to play in protecting the corporations. Fifth, strengthen the foundation of cybersecurity within the IT division. Sixth, utilize "active defences," which will prepare corporations against possible attacks in the future. This can be done by the utilization of big data. And the last, plan and test reactions to cybersecurity incidents so when the real incidents happen, corporations already had a preparation to deal with it.[vii]
Faced with this kind of new challenges that never occurred before in the business world, corporations should reconsider about a more comprehensive plan in facing the threats of cybersecurity. Issues about cybersecurity are not only the concern of IT departments only but also the c-suites.
Editor: Treviliana Eka Putri
[i] Cisco Systems. (2016). Cisco VNI Complete Forecast Highlights. [online]. Cisco System. Available at: https://www.cisco.com/c/dam/m/en_us/solutions/service-provider/vni-forecast highlights/pdf/Indonesia_Device_Growth_Traffic_Profiles.pdf [Accessed 15 Oct. 2018]
[ii] Hern, A. (2018). WannaCry, Petya, NotPetya: how ransomware hit the big time in 2017. [online] The Guardian. Available at: https://www.theguardian.com/technology/2017/dec/30/wannacry-petya-notpetya-ransomware [Accessed 15 Oct. 2018].
[iv] Kaplan, J., Sharma, S. and Weinberg, A. (2018). Meeting the cybersecurity challenge. [online] McKinsey & Company. Available at: https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/meeting-the-cybersecurity-challenge [Accessed 15 Oct. 2018].
[v] Dhingra, A., Gryseels, M., Kaplan, J. and Lung, H. (2018). Digital resilience: Seven practices in cybersecurity. [online] McKinsey & Company. Available at: https://www.mckinsey.com/business-functions/digital-mckinsey/our-insights/digital-blog/digital-resilience-seven-practices-in-cybersecurity [Accessed 15 Oct. 2018].