Companies today have a multitude of risks to deal with, and each one requires its own measures of mitigation. However, certain risks remain top of the pile, according to a survey of operational risk practitioners across the globe.
The threat of data loss through cyber attack remains the top concern of those surveyed. Simon Campbell-Young, MD of Credence Security, says that data protection regulations such as GDPR and POPI are only adding to the pressure for risk and security teams to focus on this vital issue.
“Not only are regulations making data protection more important in the day-to-day operations of a business, they are providing hackers with a wider target base. Where banks and other financial institutions were the primary targets before, we are seeing an increase in attacks against other targets now that attackers know that these companies have to store all customer data in a specific way,” he says.
Campbell-Young says that while there are standard practices that most companies engage in, in order to protect their own and customer data, many forget that an active defence should also include penetration testing. Similarly, employing companies that specialise in threat detection goes a long way to ensuring a company stays safe.
“If an attacker gets into a company’s network, there’s the added risk that they can cause significant disruption, even if they don’t actually get to any data. Some hackers are merely malicious, not criminal. Their goal is to stop a business from being able to operate effectively; the prevalence of Distributed Denial of Service (DDoS) attacks shows that this risk is at least as big as the threat of data theft,” he adds.
In addition, an internal IT failure can cause just as much damage. “Whether a company’s systems go down because of an external attack, or just because of a technology failure, companies risk equal financial, reputational and regulatory consequences,” Campbell-Young says.
“This also applies to theft and fraud. Whether conducted by organised criminals or insiders, the consequences are the same. Last year, financial services companies alone lost $935 million to cyber-related data breaches and instances of fraud. In fact, over half those incidents involved fraud.”
He explains that all of these risks require specific ways to mitigate them, and that there are a number of tools that can assists security and risk teams in staying ahead of the threats. “A well thought-out policy is the first step to protecting assets, intellectual property, and information vulnerable to fraud. At its heart, the policy should manage the people that could access this information, as well as those that should.”
Insiders, he adds, are often the means through which hackers access a company’s data, and all too frequently this is because of ignorance rather than malicious activity. “Add to this the risk inherent in privileged accounts, and risky insiders can become the single biggest security concern for companies.”
This is why businesses are increasingly investing in Identity and Access management (IAM) and Privileged Account Management (PAM) solutions. “Companies must validate that all their staff really need access to critical assets and the conditions under which they require access. Logging and monitoring network activity is also something that network administrators should be doing to improve insider threat protection. There are a variety of tools available to baseline and monitor network activity, network data flow and user activity. Ultimately, keeping track of risks from inside as well as outside the organisation goes a long way to preventing the threat from becoming a reality,” Campbell-Young concludes.
- The Saturday Night Show – Tales from my stethoscope | Bruna Dessena |#AdvancedLifeSupportParamedic |#Podcst |#PayItForward - January 21, 2021
- Oops….you exposed yourself! What’s up with What’s App? |#LTM | Craig Page-Lee |#Marketing | Podcast |#ebizradio - January 21, 2021
- Why you need to be agile in 2021 |#LTC |#Coaching |Meenakshi Iyer | Northstar at Work |#Podcast |#ebizradio - January 20, 2021
- The art of virtual B2B selling in 2021 | #TalkDigitalZA |#AudreyNaidoo |#ShelleyWalters | The Sales Counsel |#Podcast | #ebizradio - January 20, 2021
- What is SELF EFFICACY? |#LTC |#kevinbritz |#Coaching | Liezl Mari Reid |#Podcast |#ebizradio - January 19, 2021
- The thinking behind the launch of print weekly DM168 |Mike Stopforth |#OneEyedManPodcast |Styli Charalambous | Daily Maverick |#ebizradio - January 18, 2021
- Love your problems |#LTL |#Leadership | Dawn Rowlands |#Dentsu |#KevinBritz |#ebizradio |#podcast - January 18, 2021
- WHY CORPORATES HAVE TO ADJUST NOW! |#LTC |#Kevinbritz | Mpume Ncube-Daka |#ebizradio |#Podcast - January 13, 2021
- WHAT OWNS YOU? |#LTC |#Coaching |#Kevinbritz | Angela Hardy |#Podcast |#ebizradio - January 12, 2021
- Rethinking organisational design and effectiveness through CEOship |#OneEyedMan |Rowan Belchers | Lockstep |#ebizradio |#Podcast |#Mikestopforth - January 11, 2021