Companies are increasingly getting affected by cybercrime. This phenomenon has been particularly highlighted with manifold attacks since the war in Ukraine. It is a broad concept that generally includes all criminal offenses committed on or through a networked computer system. This new form of criminality and crime differs from traditional forms in that it takes place in a virtual space, “cyberspace”.
For many years, the democratization of access to information technology and the globalization of networks have been factors in the growth of companies, but also parallel to “cyber crime”, a factor that affects not only large groups.
examples of dangers
There are many potential threats to a business. Among them, cross-site scripting that makes it possible to attack Internet servers by injecting content) or even internal attacks (for example a malicious program introduced via a USB key, which is vulnerable would exploit a flaw in the operating system to get the data out) but these are not the only ones and we regularly use phishing, spear phishing, denial of service (DoS) attacks, distributed denial of service (DDoS) attacks or even That’s why we hear about stealth downloading (drive-by download)… so companies should be cautious. These attacks can lead to theft or destruction of data, or even block systems.
examples in health
Like any structure, hospitals are vulnerable to computer attacks. DMPs (Personal Medical Records) established with the aim of improving coordination and continuity of care while ensuring information traceability, are under threat today due to these cyber attacks.
Recent news is about personal medical records being posted online and bugs in medical software causing complications for patients. These matters are part of a debate over the privacy and security of DMPs and raise many questions, including their use by banking and insurance institutions.
Despite the strict monitoring of the healthcare data hosting service, the threat of cybercrime has forced medical device manufacturers and healthcare workers to remain vigilant. In addition to this measure, the response in the health sector to protect files may motivate SMEs as we see previously sought to limit measures that remain the major security failure: human. Employees should be alert to the dissemination of personal data and anticipate the consequences of future attacks.
To counter this potential threat
Risk analysis appears to be necessary to reconcile business requirements with security requirements. Of course, manufacturers must also integrate safety into (medical for health) devices.
To go further, you can also base yourself on standards: ISO 27000 Overview and Terminology, ISO 27001 ISMS Requirements, ISO 27002 Code of Practitioners, ISO 27004 Measurement, and 27005 Risk Management. Beyond standards, it would be above all a question of making your employees aware of this risk so they don’t leave their passwords around, for example, or visit sites that put your computer system at risk .
Finally, be aware that the risk management for maintaining intangible capital typically corresponds to 80% of a company’s value according to the World Bank.