Expert warns of cyber security risks in organisations

The National Uncategorized
Cyber Security Expert Ravin Prasad

CYBER security is a strategic risk to all organisations as there is an increase in security breaches and global attacks, an expert says.
Cybernetic Global Intelligence (CGI) chief executive officer Ravin Prasad said during the PNG Investment Conference in Brisbane earlier this month that organisations should take up measures to protect their organisations.
CGI has been a strategic partner with Datec PNG Ltd since 2017 and has worked with various clients in numerous industries in PNG.
With almost all businesses keeping their data on servers connected to the internet, hackers are always wanting to break into this data.
“As per Trend Micro research, 70 per cent of Australian organisations expect a breach in 2022,” he told the conference.
He said cybercrime was being industrialised.
“Vulnerabilities are identified by one set of groups who then share the information with criminal groups.
“Those criminal groups can lease the ransom ware in exchange for a percentage of the profits and employ it against victims,” he said.
Prasad said there was now an increase in Advance Persistent Threats (APTs).
“Organisations are subject to attackers who are part of the ultra sophisticated teams that deploy increasingly targeted malware against systems and individuals in multistage, stealthy attacks.
“This has enabled a massive increase in both the volume of attacks and their sophistication.
“Ransomware can not only affect the availability of your system but also result in the release of sensitive data,” he said.
He said the reasons for exponential increase in cybercrimes were due to:

  • IGNORANCE and oversight from board members and executive teams towards cyber security;
  • MANAGEMENT is not fully aware of assets, critical data assets and risks associated with them;
  • DUE to high rise in digitalisation data is scattered: multiple connected repositories and multiple vendors;
  • NO current documented information security policies and procedures;
  • LAPSES in key processes like access control, malware protection, change management and incident management;
  • LACK of log monitoring;
  • LACK of cyber security awareness and training; and
  • RELEASING confidential information during the initial level of cyber security services related tenders.