How Egyptian companies can up their cybersecurity game: Cyber attacks are higher than ever worldwide, and Egypt is no exception. We’ve seen the likes of shipping giant Maersk — which put the cost of its cyberattack at up to USD 300m, according to the Financial Times — along with regional ride-hailing app Careem, and mass transport app Swvl suffer from cybersecurity attacks. And 2021 has seen over 46 mn cyber threats in Egypt alone, according to Trend Micro’s annual report.

But 2021 was also a tough year on the global level, dubbed the worst year ever for cyberattacks on companies. Corporate networks reported 50% more attacks per week when compared to the previous year, according to data from Check Point Research

The cost of cybercrime globally is predicted to hit USD 10.5 tn by 2025, according to the latest version of the Cisco/Cybersecurity Ventures report. If it were measured as a country, cybercrime would be the world’s third-largest economy after the US and China, points out the chief editor of Cyber Crime magazine.

And it is more likely to keep CEOs up at night than covid. In fact, cyber risks are currently the biggest concern for companies globally in 2022, according to the Allianz Risk Barometer, driven by a surge in ransomware attacks. A majority of CEOs, risk managers and experts in 89 countries stated that the threat of cyber attacks and data breaches worries them more than supply chain disruption, natural disasters or covid.

But cybersecurity is yesterday’s news — what matters most today is cyber resilience. Enterprises should move beyond cybersecurity and focus on their cyber resilience, managing director of IBM spin-off Kyndryl Mahmoud Badawi says. “We need to focus on how to build our immune system to be able to be resilient towards threats which will always be around,” he adds, pointing out that the hacking landscape is constantly evolving, and new security threats arise every day. While staying on top of threats is important, recovering from them is just as vital.

Your company’s cyber resilience strategy should include “anticipating, protecting against, withstanding and recovering,” Badawi notes. It’s important to have the right infrastructure in place, build your company’s defenses, methods and policies, and it’s equally essential to be prepared for what happens after an attack. “It’s not just defending and protecting. It’s living through it and recovering,” Badawi says. There is no end-all solution that could guarantee your company will never be the victim of a cyberattack, he explains; however, there are a few steps that can be taken to help lessen the risks.

So how can you do that? You need to focus on product, process and people, global success manager at cybersecurity and digital risk management company RSA Mohamed El Garf says. You should invest in a strong tech product that fits current market needs, have the right process in place to deal with threats in real-time and manage the product adequately, and make sure you have the right people to build and manage the product and the process.

Let’s break that down: #1- Product: To secure your tech product, make sure that you have an identity security solution, Garf explains. It’s a tool that makes sure users are who they say they are and doing what they are allowed to do. This includes making sure that only authorized users can access sensitive information and that malicious actors can't get access to the data. Think of the two-step verification process in Gmail where you add your phone number to get a code that allows you to log in, or the fingerprint you need to scan in order to make an OTP request in banking apps.

And then ensure the following: Have a security information and event management system to monitor and control the logs of all cyber incidents occurring on your company systems. Get a network detection and response system that constantly monitors your company’s network to find cyber threats or strange behavior and responds to these threats. This system can use its own tools to deal with the issue or be integrated with available cybersecurity products in the market.

If your product deals with online payments, go the extra mile. For businesses with online transactions, a solid ecommerce security system is essential along with adaptive authentication tools, Garf explains. Adaptive authentication creates a profile for each user on your platform that includes that person’s geographical location, used devices and other identification metrics. Each time the user tries to authenticate their identity, the request is assigned a risk score.

#2- Process: There needs to be a cybersecurity strategy document that comprises all possible cyber threat scenarios and how to handle them, based on their level of difficulty and traits. For instance, is the threat internal or external? Is it severe or minor? The cybersecurity strategy and roadmap help the team handle threats as they come in. Cybersecurity companies create this document for their clients, which mostly incentivizes the latter to buy security products, El Garf says.

You also need endpoint security. Endpoints are basically all devices connected to a specific network, such as tablets, laptops and mobile phones. There are endpoint detection and response systems that work on detecting, analyzing, blocking and containing ongoing cyberattacks. This involves the continuous monitoring of devices that are connected to that network. Think of it as an antivirus program on steroids that can protect multiple devices from cyber threats at the same time.

#3- People: When tackling human resources from a cyber resilience perspective, you have to focus on two aspects — building a strong cyber resilience team and raising cyber threat awareness amongst all of your employees.