Companies today have a multitude of risks to deal with, and each one requires its own measures of mitigation. However, certain risks remain top of the pile, according to a survey of operational risk practitioners across the globe.
The threat of data loss through cyber attack remains the top concern of those surveyed. Simon Campbell-Young, MD of Credence Security, says that data protection regulations such as GDPR and POPI are only adding to the pressure for risk and security teams to focus on this vital issue.
“Not only are regulations making data protection more important in the day-to-day operations of a business, they are providing hackers with a wider target base. Where banks and other financial institutions were the primary targets before, we are seeing an increase in attacks against other targets now that attackers know that these companies have to store all customer data in a specific way,” he says.
Campbell-Young says that while there are standard practices that most companies engage in, in order to protect their own and customer data, many forget that an active defence should also include penetration testing. Similarly, employing companies that specialise in threat detection goes a long way to ensuring a company stays safe.
“If an attacker gets into a company’s network, there’s the added risk that they can cause significant disruption, even if they don’t actually get to any data. Some hackers are merely malicious, not criminal. Their goal is to stop a business from being able to operate effectively; the prevalence of Distributed Denial of Service (DDoS) attacks shows that this risk is at least as big as the threat of data theft,” he adds.
In addition, an internal IT failure can cause just as much damage. “Whether a company’s systems go down because of an external attack, or just because of a technology failure, companies risk equal financial, reputational and regulatory consequences,” Campbell-Young says.
“This also applies to theft and fraud. Whether conducted by organised criminals or insiders, the consequences are the same. Last year, financial services companies alone lost $935 million to cyber-related data breaches and instances of fraud. In fact, over half those incidents involved fraud.”
He explains that all of these risks require specific ways to mitigate them, and that there are a number of tools that can assist security and risk teams in staying ahead of the threats. “A well thought-out policy is the first step to protecting assets, intellectual property, and information vulnerable to fraud. At its heart, the policy should manage the people that could access this information, as well as those that should.”
Insiders, he adds, are often the means through which hackers access a company’s data, and all too frequently this is because of ignorance rather than malicious activity. “Add to this the risk inherent in privileged accounts, and risky insiders can become the single biggest security concern for companies.”
This is why businesses are increasingly investing in Identity and Access Management (IAM) and Privileged Account Management (PAM) solutions. “Companies must validate that all their staff really need access to critical assets and the conditions under which they require access. Logging and monitoring network activity is also something that network administrators should be doing to improve insider threat protection. There are a variety of tools available to baseline and monitor network activity, network data flow and user activity. Ultimately, keeping track of risks from inside as well as outside the organisation goes a long way to preventing the threat from becoming a reality,” Campbell-Young concludes.