Companies are increasingly affected by cybercrime. The phenomenon has become particularly prominent since the war in Ukraine, with attacks multiplying. Cybercrime remains a broad concept that covers all offences committed on or through a computer system, usually one connected to a network. This form of criminality differs from traditional forms in that it takes place in a virtual space, “cyberspace”.
For several years, the democratization of access to information technologies and the globalization of networks have driven the growth of companies, but in parallel they have also driven the growth of cybercrime, which does not only affect large groups.
Examples of threats
There are many potential threats to a business. Among them are cross-site scripting (XSS), which attacks Internet servers by injecting content into the pages they serve, and internal attacks (for example, a malicious program introduced via a USB key that exploits a flaw in the operating system to leak sensitive data). These are not the only ones: we regularly hear about phishing, spear phishing, Denial of Service (DoS) attacks, Distributed Denial of Service (DDoS) attacks and drive-by downloads. Companies must therefore remain vigilant against these attacks, which can lead to data theft or destruction, or even to a system crash.
Example in the field of health
Like any organization, hospitals are vulnerable to computer attacks. PMDs (personal medical records), created to improve the coordination and continuity of care and to guarantee the traceability of information, are today endangered by these cyber-attacks.
Recent news has reported personal medical records being posted online and bugs in medical software causing complications for patients. These cases feed the debate on the confidentiality and security of PMDs and raise many questions, including their use by banking and insurance institutions.
Despite the strict supervision of the healthcare data hosting service, the threat of cybercrime has forced medical equipment manufacturers and healthcare personnel to stay vigilant. Beyond this measure, the healthcare sector's response to protecting records can inspire SMEs, since the first measures taken were aimed at limiting what remains the greatest protection weakness: the human factor. Staff must remain vigilant against the leakage of personal data and anticipate the consequences of future attacks.
To counter this potential threat
Risk analysis is essential to reconcile business requirements with security requirements. Of course, manufacturers must also build security into their devices (medical devices, in the case of healthcare).
To go further, you can also build on the standards: ISO 27000 (overview and vocabulary), ISO 27001 (ISMS requirements), ISO 27002 (code of practice for security controls), ISO 27004 (measurement) and ISO 27005 (risk management). Above all, make your employees aware of this risk so that, for example, they do not leave their passwords lying around or visit sites that endanger your computer system.
In conclusion, keep in mind that risk management serves to preserve intangible capital, which, according to the World Bank, generally accounts for 80% of a company's value.