Companies today have a multitude of risks to deal with, and each one requires its own measures of mitigation. However, certain risks remain top of the pile, according to a survey of operational risk practitioners across the globe.
The threat of data loss through cyber attack remains the top concern of those surveyed. Simon Campbell-Young, MD of Credence Security, says that data protection regulations such as GDPR and POPI are only adding to the pressure for risk and security teams to focus on this vital issue.
“Not only are regulations making data protection more important in the day-to-day operations of a business, they are providing hackers with a wider target base. Where banks and other financial institutions were the primary targets before, we are seeing an increase in attacks against other targets now that attackers know that these companies have to store all customer data in a specific way,” he says.
Campbell-Young says that while there are standard practices that most companies engage in, in order to protect their own and customer data, many forget that an active defence should also include penetration testing. Similarly, employing companies that specialise in threat detection goes a long way to ensuring a company stays safe.
“If an attacker gets into a company’s network, there’s the added risk that they can cause significant disruption, even if they don’t actually get to any data. Some hackers are merely malicious, not criminal. Their goal is to stop a business from being able to operate effectively; the prevalence of Distributed Denial of Service (DDoS) attacks shows that this risk is at least as big as the threat of data theft,” he adds.
In addition, an internal IT failure can cause just as much damage. “Whether a company’s systems go down because of an external attack, or just because of a technology failure, companies risk equal financial, reputational and regulatory consequences,” Campbell-Young says.
“This also applies to theft and fraud. Whether conducted by organised criminals or insiders, the consequences are the same. Last year, financial services companies alone lost $935 million to cyber-related data breaches and instances of fraud. In fact, over half those incidents involved fraud.”
He explains that all of these risks require specific ways to mitigate them, and that there are a number of tools that can assists security and risk teams in staying ahead of the threats. “A well thought-out policy is the first step to protecting assets, intellectual property, and information vulnerable to fraud. At its heart, the policy should manage the people that could access this information, as well as those that should.”
Insiders, he adds, are often the means through which hackers access a company’s data, and all too frequently this is because of ignorance rather than malicious activity. “Add to this the risk inherent in privileged accounts, and risky insiders can become the single biggest security concern for companies.”
This is why businesses are increasingly investing in Identity and Access management (IAM) and Privileged Account Management (PAM) solutions. “Companies must validate that all their staff really need access to critical assets and the conditions under which they require access. Logging and monitoring network activity is also something that network administrators should be doing to improve insider threat protection. There are a variety of tools available to baseline and monitor network activity, network data flow and user activity. Ultimately, keeping track of risks from inside as well as outside the organisation goes a long way to preventing the threat from becoming a reality,” Campbell-Young concludes.
- Motoring News | Diesel and Dust | Tumelo Maketekete | #Motoring | #ebizradio | #Podcast - October 15, 2021
- How is AI going to affect both Business and the Advertising landscapes? | #Marketing | #LunchtimeSeries | Kevin Britz | Craig Page-Lee | #ebizradio | #Podcast - October 15, 2021
- How do youth actually consume content? | #Entrepreneur | #WordOfMouth | Lindi Tshabangu | Khathutshelo Bapela | #Podcast | #ebizradio - October 14, 2021
- Since SA has have moved to level 1 lock-down, what effect is this having on the markets? | #Insights | #Trading | Zihad Israel | CMTrading | #ebizradio - October 14, 2021
- Behind the scenes with a Theater Producer | #BusinessBrunch | #Insight | Björn Salsone | Bernard Jay | #Pantomime | #Podcast #ebizradio - October 12, 2021
- Now is the time to make money in this market | #Insight | #Money | Daniel Kibel | CMTrading | #ebizradio - October 11, 2021
- How Trade Specialisation might make you a rich Forex trader | #Insights | Finance | Tope Ijibadejo | CMTrading | #ebizradio - October 8, 2021
- Who are and why are these South Africa’s brands ranked the most valuable? | #Marketing | #Insight | Kevin Britz | Craig Page-Lee - October 7, 2021
- Ubuntu is the spirit of wealth | Investing in YOUR people | #Insight | Nelisiwe Massabgo | #ebizradio - October 7, 2021
- THE NEW REASON TO GET UP FOR WORK IN THE MORNING – Becoming a future-fit employer in a Pandemic | #Business | #Insight | Sibongile Bobo Mngxali | Roche Diagnostics | #ebizradio - October 6, 2021