Cyber security is, without a doubt, a hot issue. The recent allegations from both USA and Russia on vote manipulation is only the latest spike on the matter. At the same time, there is a lot of confusion on what cyber security really is, how does it work and how to mitigate its effects.
To illustrate the importance of this threat, the following site presents a visual perspective of cyber attacks around the world in real time. Click on the picture to access the real time website. Amaze yourself.
Visual Capitalist has published an infographic that sheds light on these issues. It is a very useful document for CEOs and CDOs in order to focus their attention on the aspects that really matter. The conclusions can be paramount for the operational future of responsible corporations.
First of all, the most harmful source of cyber attacks are not vicious rogue corporations launching Denial of Service attacks from the other side of the globe, but insiders. This concept doesn’t limit itself to employees, but also consultants and in-house contractors and business partners. The motives are clearly identified: Personal advantage (including financial gain) and professional revenge. The latter is a threat that can be specially difficult to control, because it may have a seemingly irrational root and may be hard to identify.
This is important because insider attacks are the number one source of financial loss (145.000 USD a year), losses that are almost as big as web-based attacks and phishing combined.
At the same time, the number of insider attacks is the lowest among all types both internal and external. Only 35% of all attacks are insider issues.
A corporation investing ever growing sums in trying to stop virus and malware can therefore probably misallocating its IT resources.
As a consequence, to minimize the impact and frequency of cyber attacks, the most important actions are preventive, and focused on six human-centric areas:
- Identify: What are the most sensitive data you possess. Which of them would give a competitor a competitive advantage if they had been stolen or compromised?
- Restrict: How can you avoid that those most sensitive data could be transferred, specially with unsophisticated devices like memory sticks?
- Monitor: How can we monitor irregular activities in the network to stop attacks before they propagate?
- Train: Most corporation have guidelines on Health and Safety. Some of them are imposed by regulation. CEOs should implement clear training guidelines across the organization on security and safe data handling
- Encrypt: Ensure that data identified as sensitive are encrypted before they leave the organization. Again, this is a matter of training and policy
- Extend: Communicate and implement Corporate policies together with business partners and other third parties
It is precisely this last bullet that should catch the attention of any CEO and CDO immediately. Non Disclosure Agreements (NDAs) legally protect the rights and responsibilities of both parties when disclosing sensitive data. Corporate Social Responsibility (CSR) policies are designed to avoid the violation of national laws on citizen rights. Corporations are used to secure that both NDSa and CSRs are followed along the entire value chain, from employees to suppliers and third party business partners. They do this because they know the legal and financial consequences of breaching those policies.
Cyber security agreements will probably become the next step in corporate responsibility, because the legal and financial consequences may be far bigger than we are used to believe. As an example, the acquisition by Verizon is being delayed and may be entirely withdrawn because of a poorly communicated large-scale security breach last December. This is causing significant losses to shareholders on both sides of the transaction.
As a consequence, corporations are posed to gradually experience the legal and financial imperative of including business partners in their cyber security objectives as a way to avoid legal and financial liabilities.
The good news are that this trend doesn’t necessarily have to lead to the burden of increased cost and complexity only. The need for internal standardization of these policies may lead to better cooperation between partners along value chains. Potential distrust and secrecy may open the door to faster identification of security issues and lower severity of their potential effects avoiding their propagation further down the value chain.
You can access the Visual Capitalist infographic here.
Interesting? Share it with your peers!