Virtual and Augmented Realities are Shaping Our World: A Value Proposition for Businesses
Previous PostSo how important is cybersecurity to businesses, really?
Extremely important, considering a significant need to protect not only the confidentiality, integrity, and availability of a business’s critical data assets and supporting information technology, but also to protect its customer’s data that is vital to the business’s very existence.
The answer is simple: cybersecurity should be a fundamental component within any business model to protect against the underpinnings of today’s constant cyberwarfare.
But what does true cybersecurity look like in practice? Too often, my clients ask me if cybersecurity is a new shiny tool such as a firewall or intrusion detection system (IDS) they could purchase and be done with. The answer is quite the contrary: cybersecurity is a series of policies, procedures, and safeguards that work together as part of the business’s core operations to protect against both internal and external threats.
At the most basic level, cybersecurity requires two essential elements: risk assessment and organizational culture.
Risk Assessment
Risk assessments enable management to prioritize their information security needs, identify risks to their data assets and technology, and mitigate these risks through establishing proper automated tools and procedures. By identifying and assessing vulnerabilities impacting the business, management has the opportunity to evaluate the likelihood of threat agents such as hackers to obtain unauthorized entry to the system and compromise the confidentiality and integrity of information. As an outcome, management determines effective means (either by implementing an automated tool, or process) to mitigate against the identified threats.
In order to effectively counter risks, a business must implement risk assessments on a recurring and consistent basis. A recurring and continuous process will allow management to identify new threats and vulnerabilities based on introduction of technologies or capabilities, and changes to the business model and operating environment overall.
Organizational Culture
Risk assessments are only as effective as the tone at the top. Organizational culture plays a pivotal role in fostering cybersecurity practices and awareness throughout the business.
Leadership must proactively establish a collaborative forum of representatives from both the functional and technical user communities to properly address cyber risks. For example, finance, procurement, and R&D functional areas (to name a few) must work together with system administrators and information security personnel to appropriately control the access rights of employees based on principles of least privilege. Employees with malicious intent can cause grave damage to the organization, as they possess inside knowledge and may understand existing vulnerabilities.
Businesses share an even greater responsibility to protect the confidentiality of their customers’ information. Customer-sensitive PII is the lifeline of the business, as any compromise can quickly spiral into legal battles and damage the overall brand and credibility of the business. It is not uncommon to see large organizations, such as Target and Neiman Marcus, be the victim of cyber attacks that compromises their customers’ credit and debit card information. More recently, there was a major data breach at Equifax, the very organization overseeing customer’s credit scores and credit history. This altogether highlights the importance for businesses to pay even greater emphasis on establishing a comprehensive cybersecurity program.
As a final message, cybersecurity is everyone’s responsibility, not limited to an isolated IT security department. This message must be made clear by the business’s executive leadership to create the appropriate sense of vigilance among the entire workforce. After all, cybersecurity is more than a firewall implementation.
Leave a Reply