While high-profile cyber attacks against large banks, governments and businesses have made headlines in recent months, small and medium-sized businesses are now also attractive targets for cyber thieves. The sophistication and frequency of online attacks against businesses continue to increase. More attacks are surgically precise and invisible, pervasive and ever-changing. They are very tough to detect, and even when detected, they are hard to contain.
Not only can an information security breach cost your company money; in many industries, such as healthcare, finance and education, breaches must also be made public under federal and state compliance regulations. Consequences of cyber crime include remediation costs and customer notification, increased cyber security protection costs, possible litigation, lost revenues, damage to reputation, and impact on shareholder value.
According to Richard Blech, businesses of all sizes are at risk, but small and medium-sized businesses in particular are low-hanging fruit for digital thieves, and the attacks are increasing daily. To make it even simpler for cyber thieves, the SMB user community will frequently click on any link, install any application, or access any site that suits them, in ignorance or disregard of the very real dangers.
Traditionally, cyber security has been considered an IT issue and is often included as part of operational risk management. A corporation's human resources, finance, legal, sales, and other departments all own important data, and just one worker can inadvertently open a door to attack.
However, the tendency is to believe that the responsibility for securing data rests down the hall with the IT department. Too often, the IT manager must try to balance the threat against the resistance he or she meets from the front desk all the way to the corner office.
Richard Blech believes that this mindset needs to change.
The potential negative consequences of cyber attacks on a business are so significant that it is time for information risk management and cyber security to be elevated to its own INFOSEC group reporting to the Chief Executives. Boards of directors, general counsels, chief risk officers, and chief information security officers need to understand and oversee their organization's level of preparedness and planning to address cyber risks.
The Internet Security Alliance (ISA) suggests establishing a Cyber Security Operation Center to monitor data and traffic and dynamically respond to attempted breaches and intrusions. A cyber risk assessment should be a fundamental part of your risk management plan. If you are a smaller business that outsources security through an IT services company, you should obtain regular threat monitoring reports for analysis as well as in support of compliance requirements for cyber security.
The consequences of cyber crime can flow through every department of every business with devastating and substantial effects. Regardless of business size, every IT manager like Richard Blech should be viewed as the director of cyber security risk management. A cross-functional approach should involve all departments in your firm and increase the responsibility for and awareness of cyber security by every member of staff from the C-suite down.