Proper risk management is essential to safeguard business against a multitude of threats, explained Howard Schmidt, former White House cyber security advisor, at the Information Systems Audit and Control Association conference.
Threats can come in many forms including fraud, internal threats, hackers, viruses, natural disasters, accidents, organised crime, human error, competitors and foreign government, he said.
"An insider threat is no longer just disgruntled employees. We are seeing outsiders gaining insider entry by means such as impersonation."
Schmidt demonstrated a new emerging business model that provides challenges for organisations today. For example, he said IT has gone from being insulated in business to being key to communicating with the outside world, and business processes are becoming more integrated with IT.
Schmidt believes we are now connected to everything and everybody, and although increased collaboration brings greater business rewards, it also poses greater business risks.
The key to mitigating these risks is good security and governance, he said. "We know we can`t stop bad things from happening, but we can make sure it impacts us for the shortest time possible."
Sources for new multitudes of often uncontrollable threats include the Internet, complex operating systems, new wireless services, high-speed connections that are always on and limited security in many day-to-day devices.
Related stories:
IT risk management becomes operational priority
Intelligent risk management
Risk management critical to South African businesses
Share