Building Cyber Defenses
The COVID-19 pandemic accelerated a digital transformation in many people’s lives, and while that provided many opportunities for brands, the online world is now a more welcoming place for criminals too. Sarah Morgan reports.
Rapid digital transformation has opened doors for cyber criminals to launch attacks against companies. So, brands need to be on alert. With so much at stake, how can companies protect themselves, including against threats they do not even know exist yet? Cybersecurity: The Tenets of Proper Protection, a virtual panel moderated by Swati Sharma, partner at Anand and Anand (India), that took place yesterday, outlined the current environment and various strategies to respond to critical cybersecurity risks.
Jonathon Matkowsky, vice president digital risk at Microsoft Corporation (US), said: “We always knew this digital transformation was going to take place and was taking place already, but the speed at which the pandemic propelled us forward was historic. “At the same time, it was a perfect storm waiting to happen. Cyber-criminal gangs … took advantage of the pandemic and specifically sought to target and take advantage of critical infrastructure.”
Mr. Matkowsky added that harmful cyber activity and operations have become commoditized, with tools, such as Ransomware as a Service (subscription-based access to ransomware) being marketed, and sophisticated attacks frequently taking place.
Agreeing, Gabriela Kennedy, partner at Mayer Brown (Hong Kong SAR, China), noted that statistics show that the number of cyberattacks against organizations has increased enormously during the COVID-19 pandemic.
“Maybe awareness of the potential for phishing attacks is not as heightened as when you’re in an office environment,” she suggested.
“Maybe awareness of the potential for phishing attacks is not as heightened as when you’re in an office environment.”
Gabriela Kennedy, Mayer Brown (Hong Kong SAR, China)
Alban Kwan, regional director of CSC Global (Hong Kong SAR, China), added: “A lot of organizations had to rapidly deploy VPNs [virtual private networks] for people working from home. When you have everyone working outside your firewall, you don’t have a firewall anymore. A lot of organizations don’t fully understand how this impacts cybersecurity at the moment.”
According to Mr. Kwan, the rapid digital transformation meant that many smaller-scale organizations had to rapidly transform their business online.
“This process comes so fast that they don’t actually go back into the foundation [of their business]. They rapidly deploy some new function and website, and establish their identity on different platforms, but have they accounted for everything? This is opening up a lot of opportunity for cyber criminals to abuse [the company’s] identity and launch an attack in the future,” he warned.
Protecting the Crown Jewels
As cyber criminals become increasingly sophisticated and a company’s points of vulnerability within devices, applications, etc. multiply, a sound cybersecurity policy is crucial.
“Within the board room, cybersecurity is a top concern. It can make or break a company,” said Mr. Matkowsky. “The crown jewels are very much likely to be at stake because of the dependencies on technology operations these days.”
In addition to auditing their third-party contracts, Ms. Kennedy said, companies must have a strategy to assess their risk appetite and understand all the data it holds. Although “that’s a big ask for any company,” she acknowledged.
“When you have everyone working outside your firewall, you don’t have a firewall anymore. A lot of organizations don’t fully understand how this impacts cybersecurity at the moment..”
Alban Kwan, CSC Global (Hong Kong SAR, China)
Going back to basics, Mr. Kwan set out a three-step approach for best practice. First, intellectual property practitioners must ensure all of a company’s digital assets, including domain names and social media handles, are accounted for. Proactive monitoring and enforcement are the second and third steps, respectively.
Finally, panelists highlighted cyber insurance, which Mr. Matkowsky, speaking on his own behalf and not on behalf on Microsoft, called a “critical aspect of cyber security today.”
“I see an environment where we are going to have to continuously monitor our entire supply chain as part of our digital footprint to understand the vulnerabilities … I think that insurance companies will expect us to have an inventory and understand the interdependencies with our vendors and not only rely on just having strong contracts but actually monitoring those environments,” he said.
Ms. Kennedy said that every incident in which a company calls upon insurance is going to reveal many vulnerabilities and gaps in policies and procedures.
She concluded: “There’s a lot of work that many companies have to do in just figuring out not just the risk appetite but the policies and procedures in respect of cybersecurity.”
Video courtesy of Envato Elements / secondfalseiteration
Photo of the Day
In the spirit of collaboration, INTA and the Inter-American Association of Intellectual Property (ASIPI) (Mexico) signed a cooperation agreement today during the 2022 Annual Meeting Live+. INTA President Zeeger Vink (l.) and ASIPI President Enrique Diaz penned the agreement.
Wednesday, May 4, 2022
Published by: