t cht lk
Are we guilty of victim blaming ?
The fact is that cybercrime is an actual crime and businesses that fall foul of it are victims . They have suffered a crime committed against them .
However , the level of sympathy towards organisations that get breached is very different to what we would give to an individual . If someone tells you they ’ ve been hacked , had personal information compromised , and money stolen , your natural reaction probably isn ’ t to say it ’ s their fault .
However , cyberbreaches are a source of lasting reputational damage to businesses . We tend to assume they did something wrong or acted carelessly . As somebody who has worked in the data protection industry for over 32 years , I would tend to agree with this .
The vast majority of cyber incidents are avoidable and the result of organisations failing to follow best practice , poor digital hygiene , and / or outdated or unpatched software .
If a criminal from another country travels to the USA , for example , and commits a crime against a business on American soil , there is an entire diplomatic process to ensure this person is brought to justice and the victim is compensated . This simply isn ’ t the case when it comes to ransomware .
International and intercontinental co-operation is the only way to create an environment where the risks are higher than the rewards for cyber attackers . The scourge of ransomware accelerated during the pandemic , increasing the appetite of government and business leaders to break the geopolitical impasse that has enabled cybercriminals to run riot . But it won ’ t be easy , and a workable holistic solution is still years away .
Learn self-defense
In the absence of a justice system that completely protects us from the bad guys , basic human survival instinct demands that we learn to defend ourselves . In the context of cybersecurity , that means focusing on a few fundamentals .
However , is there any other type of crime that focuses almost exclusively on blaming the victim and so little on bringing the criminals to justice ? Businesses are viewed as the guilty party rather than victims and it is accepted that the criminals are unpunishable due to the lack of an agreed global legal framework and justice system .
Firstly , every enterprise needs a dedicated IT security lead in place with access to business leadership and the authority to lead the security initiative . For smaller businesses , you absolutely need to have a resource with designated responsibility for cybersecurity and specialising in data protection .
68 INTELLIGENTCIO AFRICA www . intelligentcio . com