By Hemant Dusane, Information Security and Risk Management professional, RAGE Frameworks Inc.
No industry sector is entirely immune from cyber-attack risks. The digital interconnectivity of business operations, suppliers and customers means that any organization is vulnerable to potentially catastrophic electronic data theft or sabotage. This inter-reliance between organizations and the growing prevalence of cloud computing, social media, corporate ‘bring your own device’ policies, big data and state-sponsored espionage have catapulted cyber risk into one of the top concerns of business leaders today.
Risk Management consulting as an industry and practice can be viewed through the lenses of institutional theories (institutional entrepreneurship), transaction cost economics (principal-agent problems, transaction costs of outsourcing advice and implementation) and organization theories that study professional service firms (PSF).
Risk has three dimensions:
All three dimensions of a risk are independent: a positive or a negative risk may be either highly probable or very unlikely, and the extent of its consequences may be very small or very large. For risks with which risk management typically deals, the direction is negative, the probability is slight, but the consequences may be disastrous.
Risk management is the process of planning, organizing, directing, and controlling resources to achieve given objectives when surprisingly good or bad events are possible. Almost all organizations strive to manage risk for three fundamental reasons:
These three goals stem from the nature of risk itself, which we defined earlier as the possibility of a surprisingly bad, or a surprisingly good, event.
Emerging trends in cyber risk:
Data breach, Social media and brand equity risk:
Data breaches can be Epic-Fails with far-reaching and destructive implications for brands. Once sensitive consumer information—payment-card data, home addresses, phone numbers—is stolen, the ramifications can include federal investigations, appearances by company execs before legal committees, class-action lawsuits, and months of scathing headlines, all of which can precipitate a major loss of consumer trust. Big companies spend millions, billions of dollars building their brands over 20, 50, 100 years. If something bad happens, like the breach at eBay/Target, all that can be gone in one fell swoop.
Industries of all types are facing a rise in security breaches that cost companies millions of dollars and, for the first time in 2013, the loss of millions of identities too. Hackers have changed their methods of attack: where e-mails were the prime focus in 2012, downloads and the move to mobile devices have now provided another route for infestation.
In parallel with data breaches, social media also causes brand equity risk in an overt way. Most companies recognize the power of social media, which can be a useful tool in promoting a company’s brands but can also be a double-edged sword when things go wrong. Social media sites are increasingly becoming the way we read and comment on the day’s events. They can also be an outlet for disgruntled employees, customers and special interest groups looking to cause harm or damage to a brand. The ability to quickly spot and respond to trends involving your products is crucial in today’s world. Increasingly, companies today are taking a proactive approach to social media to both mitigate risk and build trust with consumers.
Attack Techniques during June-2015:
Risk Mitigation Methodology
First and foremost, companies should take all possible steps to safeguard sensitive data. An ounce of prevention (millions of dollars in technology upgrades and IT hires) can outweigh a pound of cure (many more millions of dollars and months of PR, social and paid-content spinning as a brand’s image threatens to go down the tubes).
Waiting until the damage is done and trying to rectify it is too late. Having a plan for your corporate response to a breach, how you will minimise the damage, and what will be done to rectify the problem should be mandatory.