Information Technology Risk Management
Matt Atkins, June 2012
 
The way in which companies do business has changed immeasurably in the past decade, with the advent of mobile computing, social media and ‘the cloud’. Businesses now deal with customers, clients and employees on an entirely new level. At the same time, the prevalence of ‘hacking’, cyber crime, and state-sponsored industrial espionage has soared, as the same technology that streamlines business practices is exploited. Faced with increasing and ever-changing risk exposures, businesses must update their policies, programs and attitude to IT risk management.

The growing threat

Breaches of data security are now a common occurrence, with the media regularly carrying stories on high profile cases involving ‘hacktivists’, crime syndicates, state-sponsored hackers and even employees. Opportunities for large gains fuel the criminal element. For political activists, penetrating business networks is an effective way to draw attention to their causes. In the past year, attacks by the hacker groups Anonymous and LulzSec against government and corporate sites received worldwide attention.


But while attacks on larger organisations make the news, cyber threats to smaller firms across a broad range of industries occur daily and are equally damaging. All businesses are at risk and each organisation has at least one source of targeted data – be it bank account details, medical information or social security numbers.

Yet although the risks are widely reported, the message is not getting through in some quarters of the corporate world. “The threat to corporate data in many respects is well-known to the public through the media’s reporting of data breaches involving personal information or denial of service attacks,” says Wayne Matus, a partner at Pillsbury Winthrop Shaw Pittman LLP. “Less known are the thefts of intellectual property by sovereign states and organised crime. Many companies are taking these threats seriously. Others are not.” Some organisations simply refuse to believe that they are targets for cyber attackers, but with the IT landscape shifting at a tremendous rate, they must alter this mindset and approach IT threats as the ‘new normal’.

To shy away from IT risk exposures is to invite the inevitable consequences of a security breach. And such disruption will likely originate from within the firm. Internal threats are a key concern. Data theft spiked in the years after the recession as rogue employees, anxious about their job security, relied on inside information to secure work with other firms. Sales of confidential data to organised groups also rose in this period. The ease with which staff members at some firms can obtain sensitive material leaves businesses open to such crimes. The majority of such data breaches were carried out via the employer’s email system and, astonishingly, went undetected by IT security systems. “Outsiders want in and will target the weakest link in the security chain – the employee – with phishing attacks and other malware,” says Jamie Bouloux, an Underwriter and Network Security Product Leader at Chartis. “No matter how robust an IT system, once a cyber criminal gains a backdoor entry it becomes much harder to remove the threat as detection is a lot harder.”

When IT systems are compromised, the financial costs can be phenomenal, though they vary by the amount and type of data that is taken, and the industry of the affected company. On average, the cost of a US data breach in 2011 was around $5.2m. However, the April 2011 hacking of Sony’s PlayStation Network cost the company more than $171m, with potential further costs to cover investigations, compensation, lost business and additional data security investments.

Financial losses are often not the only result of a security breach. If IT security is found wanting, a firm will inevitably suffer a blow to its reputation. While it is difficult to calculate the reputational damage a data breach could inflict, clients and consumers whose data is stolen will often shift their business to a rival firm. Breaches can lead to a dive in share prices as concerned investors seek to offload their stock. Shareholders may also be inclined to initiate class actions against the organisation.

In this respect, the growing use of social media and mobile devices within firms represents an additional reputational threat. While social media provides businesses with a means of communication with interested communities, the risk of employees exposing confidential company or customer information cannot be ignored. The conduct of employees, broadcast on social networking sites, can also damage the public image of a firm. The threat to reputation cannot be emphasised enough. Companies that fail to salvage a damaged reputation risk going out of business or facing sale to a competitor.

Intellectual property

In addition to the financial and reputational risks involved, the loss of trade secrets is a major concern. Cases of theft involving intellectual property and commercial secrets are on the increase. While organisations have always dealt with such threats, the issue is becoming more critical in the digital age. The result is lost sales when competitors copy IP and compete on the same terms.

Commonly, such crimes are committed when employees sell secrets for financial gain, or take data with them to a new employer. A recent high profile case involved Dow AgroSciences. In December 2011, Kexue Huang, a former researcher for the firm, was sentenced to an 87-month prison term for delivering trade secrets to individuals in China and Germany. This case also highlighted a further cause for concern – that of state-sponsored IP theft. Much of Dow’s data was found in the hands of universities with strong links to the Chinese government. Indeed, a 2011 intelligence report presented to the US Congress named both Russia and China as engaged in stealing US corporate secrets. “We judge that the governments of China and Russia will remain aggressive and capable collectors of sensitive US economic information and technologies, particularly in cyberspace,” the report stated.
© Copyright 2001-2014 Financier Worldwide Limited. All rights reserved.