Have you calculated the price tag of the next cyber breach?
Several global surveys on cyber threats and IT-Security defense offer
vital statistics for safeguarding the company and ensuring proper business
continuity. In most of them, more than half of the respondents believe that
a successful cyber-attack is likely in 2015, and phishing, malware,
and zero-days are of primary concern.
Within the past three years, the cost to a business
of each lost or stolen record, data breach or business
interruption has gone up dramatically. The average cost of a data breach in the
USA is now $3.79 million, and so all companies are now protecting themselves
against cyber risks. The main difference lies in understanding what information
it is necessary to protect: is it IP, credit card transactions, or the automated
systems and processes in the assembly line?
What is the real challenge IT risk managers face today?
While the costs vary by industry, the intrusion or breach is not limited
to any particular sector.
Most businesses, industries and trades are at risk from cyber attacks.
However, the top three are financial institutions, retail, and healthcare.
The potential severity and the adverse consequences fall primarily
on those companies that rely heavily on technology, logistics or computers.
Therefore, besides financial institutions, retail, and healthcare, the
next in line are manufacturing, energy, utilities and airlines. These
are particularly vulnerable because they all depend on interconnected
networks and suppliers talking to one another. Over 50 percent of supplier
disruptions were caused by cyber issues last year.
Unite the cyber backup protection
Differing cyber risk exposures call for particular ways of managing those
IT-Security risks. Organizations should first perform a business impact
analysis to determine what their business needs to protect, and then take steps
to protect critical functions and data.
Most companies and IT departments think that they have a robust backup
plan. However, when data or automated processes are interrupted or cut
off, they find that there are many gaps and holes in the
backup system, such as old files being overwritten or only changes being recorded.
Process can have a domino effect
Backup systems often fail to protect the processes because they focus on
the enormous quantities of data in need of protection. Sales, procurement,
and payroll are frequently automated. In these cases, it is not the data
that is important; the processes themselves are even more vital.
Therefore, the first significant step for the IT department is to focus
on information security and to define and prioritize what it is protecting
for the business processes.
Find indicators of compromise
It is vital to understand how cyber breaches and security fit into the
larger picture of IT risk connectivity. Stakeholders can then play
out the various scenarios to increase IT and data resiliency from
a holistic standpoint. Businesses' exposure to cyber risks will continue
to rise as the world gets more interconnected.
This increases the IT and data complexity that companies need to address.
To ensure that cyber risks are not dealt with in isolation, but as part
and parcel of the company's overall process and holistic risk management
strategy, different stakeholders need to be involved to assess and monitor
the exposures that the company's processes might have in a forthcoming
breach.
One of the speeches at the 9th annual European GRC Summit on the 22-23rd September
at the World Trade Center in Stockholm is:
In the world of readily available cloud-based file sharing, the IT department's
biggest challenge is to control the flow of information, documents and
archives.
- What are the typical GRC issues in addressing the cloud and big data
challenges?
- How can IT regain control of the information trail and deliver integration,
confidentiality, integrity and availability of all documents at all
times?
Owe Lie-Bjelland, CEO, Xait. Owe is a partner of Xait. He has a technical
background from the print, press and publishing industry. Owe helps companies
optimize and revolutionize their reporting and document creation, co-authoring,
automation, publishing and information management processes. Owe is an
expert in enterprise content management, information governance, security,
business process optimization, innovation, leadership, human resources
and risk management.