With the use of digital platforms becoming part of daily life, hackers are employing ever new ways of finding their victims, who include school children attending online classes, small business owners and even street corner shops.

A most recent case involving stealing of video footage of events, particularly marriages, from photo studios shows the extent to which hackers have penetrated. The criminals, believed to be of East European or African origin, demanded big sums for the return of the files. For a photo studio, a wedding video has priceless value, as failure to deliver would mean irreparable loss of credibility and probably the future of the business itself.

People working from home, which may not have the benefit of better security at their offices, particularly vulnerable, with the potential of major data leakages.

According to a recent report, there has been a 15 percent increase in the number of attacks since the beginning of this year and 20 percent in March, the peak point in the lockdown period. Globally, hacking attacks have registered big increase since the outbreak of the pandemic, and data of coronavirus patients, a much sought after commodity in view of the attempts to develop a vaccine, has been a key target. Even the website of World Health Organisation (WHO) and other health organisations, including test centres and hospitals, have been subjected to major hacking and phishing attempts.

Cyber events and threats evolve dynamically: there is a constant battle of finding and patching system flaws, both from the perspectives of attackers and defenders. Indeed, it is a game with high stakes.

A latest Standards & Poor’s report examines the implications of the new working environment for organizations, necessitating a re-thinking of digitalization strategies and doubling-down on information technology (IT) spending, cloud capacity, and infrastructure to boost bandwidth, ensure business continuity, and retain customers.

According to the agency, these digitalization trends are here to stay and will inevitably lead to a higher likelihood of cyber incidents, as entities increase their digital footprint or enter the space for the first time.

The swift remediation of cyberattacks is increasingly vital, as the nature of threats will continue to evolve. Entities that do not have a well-tested playbook to help define and shape their activities following an attack will be disadvantaged and could become more exposed to future attacks. Once an attack becomes apparent, management teams have the potential to be more in control of the situation than ever before, says the report.

But a most worrying part is that it would be less common for an entity to possess a strong and sophisticated cyber risk-management framework. “Equally, an entity with strong governance protocols does not necessarily have robust levels of cybersecurity, but we would expect it to respond appropriately following an attack. Leadership is key in ensuring a systematic and timely response to minimize the impact, while maintaining communications with customers, suppliers, regulators, and other stakeholders. Appropriate communication channels to connect with relevant stakeholders, conveying clear and transparent messages,” S&P points out.

The agency believes that there will be a tipping point within the next decade, likely accelerated by the Covid -19 pandemic, when the frequency of successful attacks increases. If this is accompanied by a simultaneous increase in the severity of an attack, there may be a more significant effect on entities' credit profiles, especially if handled poorly. The severity of cyber attacks may be relatively low currently, but in the case of governance deficiencies and poor handling, the frequency and cost of attacks can add up (in terms of fines, brief business interruption cases, data recovery costs), potentially damaging profitability and cash and liquidity levels.

The importance of legal and regulatory compliance has never been more important or more complex, according to the report. Entities find it close to impossible to stay fully abreast of all potential threats: limited budgets and cost controls mean that cyber spend is a finite resource. It is also difficult to demonstrate the need for cyber spending when the entity has not suffered financially following an attack.

“Cyber risk-management teams seeking budgetary approvals from their C-suite will fare better if they can demonstrate most "bang for their buck" for cybersecurity investments. This may be a difficult sell, but the importance cannot be underestimated and often requires a creative approach to highlight return on investment”. (IPA Service)