Information as a weapon against cybercrime

As the world becomes increasingly digitised and interconnected, the threat of cyber-attacks grows.
Organisations need resilient and secure systems and processes to protect themselves, and one effective solution is cyber security.

Seen from another angle, the internet has been one of the most successful beneficiaries of the COVID-19 pandemic. In the last year alone, traffic and transactions have reached unprecedented levels in the industry. At the same time, the number of attacks and malicious activities has increased overwhelmingly.

According to INTERPOL Secretary General Jürgen Stock, “cyber criminals are developing and intensifying their attacks at an alarming rate, exploiting the fear and uncertainty caused by the unstable social and economic situation created by the COVID-19 pandemic.”

Are we losing the battle? At Systema we believe that continuous improvement of existing procedures or rigorous implementation of new procedures, together with collaboration with qualified subject matter experts, are the most valuable weapons of defence for organisations against cybercrime. Huge resources capable of combating cyber threats in real time are invested in the cybersecurity sector.

One example is the ISO 27001:2013 standard, which highlights a general need for information security policies and is designed to support organisations of all types and sizes in implementing and operating an Information Security Management System.

ISO 27001:2013 is complemented by ISO/IEC TS 27110 – Information technology, cybersecurity and privacy and ISO/IEC TS 27100 – Information technology and cybersecurity, which define cybersecurity, set the context for managing information security risks when information is in digital form and describe the relevant relationships, including how cybersecurity relates to information security.

To whom are these documents addressed?
The documents are intended for use by any person or entity involved in cybersecurity: users, vendors, certifiers, policy makers and regulators, consumers, suppliers and manufacturers.

What can organisations do to protect themselves?
One of the key actions organisations need to take is to fully understand the risks they face and apply a range of controls to mitigate them.

Industry best practices show that a good awareness of the kinds of cybercrime that can jeopardise an organisation’s structure can minimise risk.

“If you know the enemy and know yourself, you don’t have to fear the outcome of a hundred battles. If you know yourself but not the enemy, for every victory you win, you will suffer a defeat. If you know neither the enemy nor yourself, you will yield in every battle.”
Sun Tzu, The Art of War
