Denial of service attacks, viruses and trojans are a few examples of the terminology increasingly used by the press to describe cyber-attacks. Typically, the same articles report on the subsequent damage to organisations, ranging from financial loss to impact on operations and damage to an organisation's reputation.
Cyber risk is an escalating threat and one of the most challenging issues facing the world today. Attacks are becoming more frequent, intense and sophisticated. Motivations range from financial gain and data theft to threatening critical infrastructure and reputation damage. As organisations rely increasingly on IT systems, particularly with the rising prevalence of web-based connectivity from system to system, their inherent risk exposure is increasing. At the same time, the technical knowledge required to conduct such attacks is decreasing as the resources, tools and knowledge forums now available to perpetrate such attacks expand.
With cyber risk, there is an active adversary, meaning defences need to be increasingly sophisticated to keep pace. In this regard, the source of cyber risks is often unexpected and can include any number of the following:
- the business environment you operate in;
- business activity;
- information about your organisation from the web; and
- your staff’s use of social media to inform targeted ‘social engineering’ attacks.
With the above in mind, it is imperative your organisation understands the level of cyber risk it is exposed to and uses this intelligence to better inform risk management strategies. Valuing your cyber risk based on a sound model is an invaluable exercise to inform your corporate governance framework and cyber control environment.
What do organisations need to do to ensure adequate cyber defences are in place?
Cyber-attacks are facilitated by a fractured approach to an organisation's IT security framework. Complex operating environments, particularly within technology-based organisations, heighten risk exposure, principally due to more mobile working, cloud computing, virtualised systems and ‘bring your own device’ solutions.
Your organisation’s security framework should be holistic in nature, designed to ensure protection exists at all levels of your IT environment. It takes just one door left open to allow a skilled hacker into your operating environment. It is therefore important that an organisation focuses on its people, its processes and its technology in developing effective cyber risk strategies.
There are a number of key considerations to keep front of mind when it comes to your organisation's security.
If you would like any more information on this issue please contact David Blacher.