The risk of cyberattacks remains high and is likely to increase, according to IT specialists at numerous Czech companies. The experts also observe that the proliferation of AI is much to blame for the situation. Other challenges perceived within the cybersecurity community include the impending implementation of the NIS2 cybersecurity directive as well as cybersecurity across supply chains, a recent survey conducted by Mastercard among Czech and Slovak businesses and organisations shows.
Artificial intelligence (AI) is the watchword of the day. It is one of the hottest topics across industries, cybersecurity included. However, three in five corporate IT experts believe that it is the offenders rather than the defenders who benefit from the capabilities of AI.
“The results of our survey unfortunately indicate that a still rather low awareness of AI potential persists in terms of securing corporate IT systems, while this is precisely the area where plentiful opportunities arise for the safeguarding of company and customer data,” said Barbora Tyllová, Manager, Business Development Digital, at Mastercard Czech Republic and Slovakia. AI can, for example, help to identify fraudulent transactions or unusual behavioural patterns and thus assist in uncovering fraudulent accounts, added Barbora Tyllová.
Deploying innovative cybersecurity defences could easily prove highly beneficial for Czech and Slovak businesses and organisations since more than 90 percent of survey respondents in the survey found cyberattacks are becoming more and more sophisticated as time passes. The good news here is that growing numbers of businesses are aware of the cybersecurity risks. The number of companies declaring cybersecurity their number one priority jumped from 43 percent last year to 58 percent in the latest survey.
Still, no less than 20 percent of businesses stated that they had no formal plan or guideline to be implemented or followed in the event of a cybersecurity incident. A formal action plan describing the steps and actions to take in case of a cyberattack plays a crucial role in fending off cybersecurity incidents. Among businesses with an action plan in place, only 14 percent of them failed to defend their systems from a cyberattack. This percentage rises to 24 percent among companies with no plan implemented. On average, just under 20 percent of attempted cyberattacks found their mark. That is a rather high percentage, indicating that one in five businesses in the Czech Republic or Slovakia have fallen victim to a cyberattack.
Biggest threat? Human error
In the past year, phishing was the most frequently reported type of cyberattack. As many as eight in 10 companies and organisations encountered an attempted phishing attack. This prevalence may be the reason why preventing human factor failures and improving awareness take centre-stage in the area of cybersecurity. At the other end of the scale, the survey in Czech Republic and Slovakia showed that the number of ransomware attacks directed at businesses and organisations has roughly halved compared to the previous year. The incidence of malware attacks was also somewhat reduced on a year-on-year comparison.
According to no less than 72 percent of survey respondents, following questionable links and/or responding to suspect messages were the two most frequent causes of successful cyberattacks. This ties in very closely to the issue of identity theft. It is the protection of identity for a business’ senior figures that can go a long way towards protecting the business from data theft and misuse.
New digital world challenges
It is not only securing systems entrusted to them that keeps corporate IT admins busy. They also have to contend with increasing regulatory demands, mainly in connection with the implementation of the NIS2 directive. This European directive applies to a majority of entities covered by the survey in Czech Republic and Slovakia. Three in four stated that they had already implemented the new rules into their operations. However, that still leaves roughly a quarter of those questioned during the survey with no idea of whether the directive applies to them, or even unaware of its existence. Yet the directive is already in force and businesses must comply with it.
One area that seems to linger on the fringes of Czech and Slovak corporate IT departments’ attention span is security from cyberattacks across supply chains. This area remains neglected. Some 61 percent of surveyed businesses and organisations manifested little interest in the cybersecurity of their supply chains.
In the survey, only 19 respondents reviewed the level of IT security of all their suppliers, while 20 percent employed the approach to their key suppliers. The rest relied on their partners managing their cybersecurity well enough.
When reviewing supply chain cybersecurity, most (52 percent) businesses and organisations used questionnaires, followed by agreements (20 percent) or ISO certification (10 percent). Only 15 percent of the those surveyed used an automated system.
“The survey in Czech Republic and Slovakia clearly showed that the demands of cybersecurity keep increasing. It is only understandable that for some businesses this is quite a burden which would call for expanded IT teams as well as increased funding. The logical way out of the conundrum is via outsourcing,” said Barbora Tyllová.
About Mastercard (NYSE: MA)
Mastercard is a global technology company in the payments industry. Our mission is to connect and power an inclusive, digital economy that benefits everyone, everywhere by making transactions safe, simple, smart and accessible. Using secure data and networks, partnerships and passion, our innovations and solutions help individuals, financial institutions, governments and businesses realize their greatest potential. With connections across more than 210 countries and territories, we are building a sustainable world that unlocks priceless possibilities for all. www.mastercard.com
Annex 1: Why are Mastercard solutions the right choice?
As a technology company, Mastercard has an extensive track record of providing the most secure payment transactions. Staying abreast of the rapid technological development of the financial industry in recent years, Mastercard has expanded its focus to encompass comprehensive security for other areas of business undertakings. On the back of dozens of strategic acquisitions coupled with in-house development of cybersecurity instruments, Mastercard has become a global leader in security solutions tailored to the needs of both businesses and governments.
- Cybersecurity principles have secured Mastercard’s global payment network for over 50 years.
- The company securely stores more than 18 petabytes of sensitive data. One petabyte equals 1,024 terabytes.
- Mastercard ensures data and transaction security for some two billion payment cards annually.
- The company each year mitigates the impacts of some 3.2 million attempted phishing attacks aimed at its global network.
Annex 2: Mastercard cybersecurity instruments
ID Theft Protection puts end users back in control of their identity. The instrument’s protection from identity theft continuously monitors not only the generally accessible webspace but also the “deep web” and “dark web”, where the instrument is constantly on the lookout for sensitive personal data such as e-mail addresses, card numbers, banking information and more. In the event of a suspected identity theft, its owner is notified immediately.
RiskRecon enables detailed, continuous auditing of the cybersecurity provisions of any business. The tool detects any weaknesses in IT systems, assesses risks and recommends suitable protective measures in order to provide maximum customer protection. The mere presence of an organisation on the internet, i.e. its website, is all the instrument needs as a source for its comprehensive cybersecurity audit. RiskRecon is designed for any business or organisation with an online presence and an extensive supply chain. In the Czech Republic, it has been deployed for example by hospitals and insurance companies.
NuDetect makes use of passive biometrics to assist in the verification of transactions. The tool’s smart algorithm learns how a user interacts with their smartphone or computer. Using information on how a user swipes on the phone’s screen or types on a PC’s keyboard, the tool can determine whether an interaction is coming from the actual user. By detecting the slightest differences, NuDetect can prevent fraud with an accuracy of more than 99% in real time. It can replace or complement widely used biometric verification by fingerprint or face scan.
Ekata uses AI to verify digital identities. The tool assigns identity risk scores depending, for example, on the involvement of personal data in a past fraudulent activity. With the tool, online merchants and financial institutions become able to very quickly detect fraudulent accounts or unauthorised use of bonuses. Ekata is also used, for example, by accommodation agents and lottery companies.
Ethoca is commonly used by various financial institutions to monitor payment card transactions. The solution comes into its own especially in chargeback situations. Ethoca helps banks and merchants save money that would otherwise be spent on fraudulent chargebacks. The solution also reduces the burden on call centres as well as costs related to complaint resolution. It also makes card transactions more transparent for both customers and banks as it attaches detailed information to purchases, including the merchant’s name and logo, or the purchase location.