Information Security Management
Cyber security: Why you can’t afford to ignore it
Cyber criminals are increasingly targeting private companies in hopes of easy access. The cost to a business can be high, ranging from financial loss to reputational damage. With heightened awareness, private companies can fight back.
Among the benefits of instituting a cyber security program is safeguarding the organisation against the following:
- Financial losses: Think of the monetary loss that an attack can bring your organisation due to downtime, loss of critical financial data or even customer apathy.
- Exposure to litigation: Most of this happens when hackers use your platform (website) to launch an attack, or even plant incriminating data on it, leading to legal consequences.
- Intellectual property theft: When hackers target a system, what they are mostly after is proprietary information. Your organisation stands to lose if information about its innovations, mostly from R&D, gets into the wrong hands. Hackers can easily trick the system into sharing such data, including updates. This can lead to the organisation losing valuable opportunities to showcase its innovations, not to mention the financial implications of “still-born” research.
- Brand/reputation compromised: With increasing competition, rival organizations are turning to mudslinging their competitors by attacking their information infrastructure. This can lead to information about the targeted company's products/services being misrepresented to its potential clients.
- Loss of shareholder value: This happens when a company under attack loses face due to the leaking of shareholder information and other critical data. Most hackers like to make their exploits public, thus sending a negative message to the shareholders. This can damage any existing goodwill for the company.
- Fraud: Compromised systems are frequently used to commit fraud by misleading the targets of the fraud. Cases of companies having their databases hacked and customer data compromised are on the increase. This is even more so where credit card information is involved.
- Extortion: By compromising a system, a hacker can easily run an extortion racket without the knowledge of the target company.
As companies increasingly look to technology to gain a competitive advantage, they also need to be mindful of exposing the business to new information security risks. Enterprise mobility, social media, and cloud computing are among the top areas where private companies plan to invest their IT dollars over the next one to two years.
As they pursue those investments, here are some security issues they should keep in mind:
When businesses talk about cloud security, they first need to define what type of cloud deployment they are dealing with — public, private, or hybrid. Many of the security risks you hear about pertain to the public cloud, in which a service (and its underlying hardware and software) is shared by multiple organizations or customers.
As the person concerned with security, you need skills to establish the following:
- Can the provider enforce the required security policies at its site?
- Is access control to the site adequately secured by the provider?
- Will your data be adequately segregated from that of other customers?
- Will the application and your company’s data be available whenever you need them?
Knowledge of how to address the above issues will largely be gained from the training.
Given the free-flowing nature of social media, data leakage is a major security issue. Employees may post potentially sensitive information without realizing it. Phishing scams, whereby attackers try to elicit information from individuals, pose a significant threat as well. Company networks are also at risk because hackers can easily and quickly spread malware via social networks. Just one click on a post that appears to come from a friend and an employee might inadvertently launch a worm that infiltrates the network and puts sensitive information at risk. The best defenses? Employee education and awareness, combined with vigilant network monitoring. This training will equip and prepare you to tackle such issues effectively.
As companies begin allowing employees to use smartphones and tablets — whether purchased by the company or via the “Bring Your Own Device” (BYOD) model — they face the challenge of managing access, usage, and security policies across different devices. A new type of software tool that manages mobile devices can ease the burden and also help protect corporate data stored on those devices. If a phone or tablet is lost or stolen, the corporate data can be erased remotely and the device locked.
The training you will undertake in this case will address such emerging issues and thus insulate your organization against imminent loss of data or even work attack of your entire system.