BreachExchange mailing list archives

Opinion: Why cyber security cannot be ignored


From: Audrey McNeil <audrey () riskbasedsecurity com>
Date: Tue, 27 Jan 2015 19:32:43 -0700

http://business-reporter.co.uk/2015/01/27/opinion-cyber-security-cannot-ignored/

To understand why cyber security is important, we must firstly understand
what cyber security is. It isn’t restricted to just making sure your
website is good enough to withstand cyber attacks. It encompasses all your
supply chain, including your user experience of buying your service or
product.

Every single area where data is generated (including websites, registration
forms, buying pages, etc.), stored (CRM systems) and managed (servers and
cloud systems) can be accessed and attacked by hackers. Every email an
employee sends needs to be secure and every part of the business that needs
to be recorded digitally needs to be protected.

But why now? There are a number of reasons why securing your business
processes is more important than ever. The price of technology is
decreasing, making IT a more global pursuit. Social media is more prevalent
– making it easier for hackers to get into an organisation’s business. And,
as children are growing up with technology all around them, it is literally
child’s play to understand how a computer and IT work.

So cyber security is growing in importance and the number of hackers is
increasing so much that President Obama in the last week urged Congress to
introduce legislation that would “increase information sharing… introduce
new penalties for cyber criminals… and streamline data breach notification
laws”.

This is of course a reaction to the recent hullabaloo about the North
Korean hack on Sony which resulted in a film, The Interview, being firstly
withdrawn, then eventually shown on VoD, where it attracted record
viewings. Maybe the reaction from Sony and then the US government is
strong, but nonetheless significant. Cyber security is here to stay. But
what does this mean for risk management?

IT is the heartbeat of every business. No business can survive in the 21st
Century without a fast, reliable computer system and/or network. Part of
the risk management protocol is to recognise and mitigate every risk in the
business. Recognising IT as a risk is the first step to a strong risk
management programme.

Ensuring every part of the user experience is not and cannot be compromised
by bugs, viruses and hackers, will lead to a competitive advantage. Your
customer may not be aware of it, but any company that is not on top of
their cyber security will learn the hard way – and they will not only be
attacked but lose customers.

So, managing your cyber risks and improving your cyber security are both
part of a successful risk management paradigm. And not being vulnerable to
cyber attacks will mean not losing customers, when your more vulnerable
competitors are – turning risk into reward.
_______________________________________________
Dataloss Mailing List (dataloss () datalossdb org)
Archived at http://seclists.org/dataloss/
Unsubscribe at http://lists.osvdb.org/mailman/listinfo/dataloss
For inquiries regarding use or licensing of data, e-mail
        sales () riskbasedsecurity com 
