Microsoft and Huawei have joined forces with EastWest Institute to help IT organizations and professionals securely buy information and communications technology (ICT) products. The powerhouse tech companies say ICT buyers are at risk for cyber attacks when using commercial products and services. And with phishing and ransomware attacks on the rise, this isn't a trend that's likely to go away anytime soon.

Why are these companies pushing for greater security in the ICT trade environment? Well, malicious software is being deployed at an ever-increasing rate. According to some studies, there are more than a quarter-of-a-million new malware deployments every day. While there's no individual or business who's off limits to hackers, ICT companies are often targeted because of their inherit connection with digital products.

ICT, as stated above, refers to “informations and communications technology.” It's somewhat of a blanket term used to describe any product or service that involves communication devices, computer applications, radio, televisions, cellphones, network services, satellite, etc.

The European Commission states that ICTs provide greater access to information and communication in “underserved populations.” Less-developed countries, for instance, often invest heavily into ICT products and service.

The problem, however, is that ICT products and services are often targeted by hackers. Computer applications is just one scenario in which hackers use ICT products to deploy malware and perform other nefarious tasks. There's hope on the horizon for buyers and suppliers of ICT products and services, though, as Microsoft and Huawei have released a new guide to strengthen security and protect against potential threats.

Purchasing Secure ICT Products and Services: A Buyers Guide

Released by EastWest Institute in partnership with Microsoft and Huawei, the Purchasing Secure ICT Products and Services: A Buyers Guide is a comprehensive guide that's intended to help buyers and suppliers of ICT products and services identify and address security risks. ICT is a field that's particularly prone to cyber attacks and breaches due to the nature of such products and services. This has prompted Microsoft and Huawei to create a guide pertaining to ICT security.

“The Guide will help buyers and suppliers of technology better understand and manage cybersecurity risks,” said Angela McKay, Director, Cybersecurity Policy and Strategy, Microsoft. “It focuses on the important conversations business leaders need to have about how purchasing decisions, including the security and integrity of the technology they choose, affects their overall risk,” she added.

Consisting of 36 professionally researched and written pages, the Purchasing Secure ICT Products and Services: A Buyers Guide covers ICT security from all angles. More specifically, it focuses on three primary recommendations:

Create dialog about security risk management

Use questions listed in this guide to frame the dialogue

And rely on international standards to increase confidence in results

Reading a little deeper into the guide, you'll discover over recommendations for strengthening cybersecurity. ICT buyers, for instance, can reduce the risk of cyber attack and intrusion by using products and services with sufficient security for their respective environments. ICT buyers can also protect themselves against digital attacks by factoring security into procurement decisions, as well as encouraging ICT product and service suppliers to develop more secure ICT.

It's important to note that this guide is not a checklist. Authors recommend buyers and suppliers of ICT products and services keep the lines of communication open throughout the process. Smaller businesses can use this guide to develop a greater internal awareness for potential security threats and vulnerabilities.

Arguably, one of the most useful aspects of this guide is appendix B, which lists 100 requirements to consider when choosing end-to-end cybersecurity with technology vendors. Here, you'll find a list of 100 questions to ask yourself regarding cybersecurity of ICT vendors. Following this basic outline will give you a better idea of whether or not an ICT vendor is secure, and therefore, whether or not you should conduct business with them.

The Cost of Cyber Intrusion

Of course, being the victim of a cyber attack costs companies big bucks. First deployed back in 2004, the fast-spreading worm MyDoom is believed to be the most costly malware of all time. Reports indicate that it caused roughly $38.5 billion worth of financial losses. MyDoom was spread through email, with the malware disguising itself as spam. When a user opened the attachment file, he or she would inadvertantly infect their computer. But MyDoom didn't stop there. The malware then automatically sent itself to ever other email address tied to the victim.

While MyDoom has since been eradicated, there are still countless other forms of malware popping up in its place, many of which continue to drain companies' budgets. According to a recent IBM study, the total cost of data breaches grew from $3.8 billion in 2013 to $4 billion in 2104. Researchers from this study also found that companies lost roughly $158 per each stolen record.

Some people assume that only large companies are targeted by hackers, but this isn't the case. According to Symantec, a leading vendor of cybersecurity products and services, 43% of cyber attacks targeted small businesses in 2015. That number is up from just 34% in 2014 and 30% in 2013, revealing a disturbing new trend. Small businesses often lack the money and resources to effectively fend off cyber threats, making them ideal targets by hackers.

The good news is that companies like Microsoft and Huawei are working to turn these numbers around by offering advice on how to protect against cyber attacks. The companies' latest guide is just one tool that can help organizations achieve greater security in their respective environments.

Thanks for reading and feel free to let us know your thoughts in the comments below regarding cyber security.