The challenge of risk management in a volatile security environment
April 2016 | EXPERT BRIEFING | RISK MANAGEMENT
From data to physical security, corporate risk management is changing daily. Market challenges require an agile, rapid business response to a wide range of security threats.
Whether your business is local, national or global, you must take action to identify risk and protect your brand reputation through a comprehensive business continuity plan.
In 2015, the number of electronic attacks on US enterprise and research institutions continued to rise. According to IBM, business continuity management (BCM) is critical to reducing exposure in ways that include decreasing the likelihood of a data breach, shortening the time taken to identify a breach event, responding more quickly and reducing the per capita costs of data loss.
Along with business brand exposure and liability, the cost of service loss continues to rise. A 2016 report from the Ponemon Institute estimates the average cost of a data centre outage due to cyber attack has risen to over $740,000, from approximately $500,000 in 2010.
Even the ability to conduct business comes into sharp question when the safety of national infrastructure is vulnerable. In late February, the White House alerted American energy, water and transportation interests that tactics used to take down the energy grid in the Ukraine earlier this year could be used against domestic US interests.
Preparation for cyber attack at the organisational, agency or business level is carried out through BCM and ongoing exercises to strengthen readiness.
Steps to undertake business continuity planning
Business continuity plans vary in complexity at the enterprise or small business level, but the drive toward preparedness looks similar.
Many businesses and agencies are unaware their network, or data, is exposed until notified by a third party. The longer the delay in identifying a systems compromise, the larger the potential exposure a company faces in loss, liability and reputational damage. Sophisticated nation state and other bad actors are often able to quietly intrude and exfiltrate data for months – or even a year – before being exposed.
Some initial steps to protect your business interest should include: (i) committing to organisational preparedness at all levels; (ii) involving stakeholders throughout your organisation in the identification of risk; (iii) considering working with a qualified outside security vendor to help you evaluate and create a business continuity plan; (iv) taking needed steps to assess risk, identify threat and understand business impact; (v) investing budget in infrastructure safety, including hardware, software and training; and (vi) training, drilling and revising your readiness plan on an ongoing basis.
The National Institute of Standards and Technology (NIST) offers a more extensive, voluntary framework to help business and organisational interests better address risk management, deter attack and recover more quickly from breaches.
In early February, the White House announced the implementation of a Cybersecurity National Action Plan. The key features of the federal plan include: (i) establishing the Commission on Enhancing National Cybersecurity – this bi-partisan committee is expected to make across-the-board recommendations to develop best practices and recommend technologies to strengthen economic and consumer cyber safety; (ii) funding and modernising legacy government IT and appointing a federal chief information security officer; (iii) creating partner opportunities between government and IT interests to enable better cyber protections and response; and (iv) major financial investment in federal cyber security.
While federal or large enterprise concerns make enticing targets for cyber attack, small businesses are frequently victimised due to weaker network security. Breaches of smaller, third party networks can compromise bigger players, resulting in a significant loss to the entire ecosystem.
The management of corporate and small business risk is complex. Put a continuity plan in place to give your company a framework for response in the event of a cyber attack or other incident. While you may not be able to prevent an attack, proactive assessment can help you mitigate damage and possibly avert significant financial and legal liability.
Cheryl Tyler is the chief executive officer of CLT 3 Consulting. She can be contacted on +1 (240) 481 7756 or by email: firstname.lastname@example.org.
© Financier Worldwide