Businesses must be aware that the potential for hacking and other cybercrimes has increased significantly in the wake of the COVID-19 pandemic, as more business operations have migrated online and reliance on technology has grown. This was the consensus from a panel of experts during a recent ICAEW (the Institute of Chartered Accountants in England and Wales) webinar on cybersecurity.
The experts stated that organisations were seeing a steady rise in security breaches, as the effects of working from home and uncertainties caused by the unstable economic situation offered new opportunities and vulnerabilities for cyber criminals to take advantage of through phishing emails, ransomware, data harvesting malware, and distributed denial of service attacks.
The panel of business leaders provided insight and shared best practice of how businesses can defend against money laundering, forgery, credit scams and ransomware. Discussions also centred on cyber security failures and how techniques used by cyber criminals are evolving. Panellists included:
- Kevin Foo FCA, Partner, KPMG Malaysia
- Julia Seppa ACA, Manager, Risk Advisory, Cyber Practice, Deloitte Finland
- Kevin Wong, Managing Director, FTI Consulting Middle East
- Patrick Wong, Director, Cyber Security and Privacy, PwC Hong Kong
In December 2020, the Centre for Strategic and International Studies and computer security company MacAfee projected that there had been almost a trillion US dollars in losses from global cybercrimes – almost double the monetary loss reported in 2018. Threats can come from many sources due to new technological vulnerabilities regularly being identified.
The panellists agreed that the nature of cyber threats make it difficult to manage risks, and cannot be managed solely through traditional internal controls. They highlighted the importance of involving all departments in cyber risk management and that cyber security is not solely an IT problem, but a risk that all parts of a business need to manage by building effective solutions incorporating people, processes and technology.
Panellists suggested businesses should incorporate solutions to mitigate cybersecurity risks, such as a cybersecurity education program for employees, strong password policy with multi-factor authentication, cloud migration, or end point detection systems which can help defend against malware and other threats.
Michael Armstrong, ICAEW Regional Director for the Middle East, Africa and South Asia (MEASA), said: “In an increasingly connected world, planning how to respond to cybersecurity incidents is just as important as trying to prevent them. As hackers seek to take advantage of new systems of digital and remote working, it is imperative for companies and organisations to safeguard their data and reduce risks by instilling a culture of trust and integrity amongst their employees. It is also important for organisations to implement the right procedures, internal controls and compliance checks that fit their organisational structure. These steps will put businesses in a better position to increase productivity, stay safe and ensure success.”
Julia Seppa ACA, Manager, Risk Advisory, Cyber Practice, Deloitte, Finland, said: “Cybercrime is evolving, and so must businesses and security teams. It is important for businesses to not only prevent threats and breaches, but to be prepared to detect and respond to cyber threats, so they can recover quickly from cyber-attacks with minimum disruption to business activities.”