Successfully managing cyber risk
Given the fast-growing need for and adoption of technology and digitisation, it is a given that cyber risk is the top risk any company faces today. This is also validated by the Allianz Risk Barometer, which has identified cyber risk as one of the top three risks affecting businesses. It is no surprise that Allianz anticipates cyber risk to be the topmost risk businesses face in the future.
In addition to this, business interruption, market developments (such as volatility, intensified competition and market stagnation), natural catastrophes, political risks, and changes in legislation and regulation are some of the other top risks challenging businesses.
"However, for me cyber risk remains the top threat without a doubt," says Paresh Makwana, VP Business Development at Arcon Techsolutions, an exhibitor at the ITWeb Security Summit 2016, to be held at Vodaworld from 16 to 20 May. "The impact of these risks could be a severe loss of reputation, brand value and financial losses that can be hundreds of billions of dollars."
Moreover, he says, many of these are risks that occur on a daily basis; we are just not aware of them. "Even as we speak, there must be hundreds of thousands of hackers trying to hack into an organisation's systems."
This is where risk management comes in, explains Makwana. "Organisations still spend billions of dollars on external security such as firewalls, intrusion detection systems or antivirus, which are still necessary tools. However, employees with access to your organisation's critical assets (privileged users basically) are still left unchecked and more powerful than needed."
Security begins at home
He cites the old maxim "charity begins at home". "Same goes for security - it begins at home. From a cyber-risk perspective, businesses are still focused on securing their perimeter when they should actually be protecting their systems from within. Even an external hacker would try to get hold of an inside gateway in order to be able to hack; they look for the most authorised privileged user. If the internal security layer is not implemented effectively, then the entire organisation is at risk."
"Secure your internal resources first, then focus on the perimeter. Another technical blind spot is that employees are still encouraged to manually change passwords on a regular basis. This is troublesome, ineffective and highly risky. An automatic password rotation program should be put in place instead."
Risk control solutions
Speaking of how risk control solutions work, Makwana says they start off by identifying potential risk factors and characterising threats. "The second step is to assess the vulnerability of critical infrastructure and assets to the potential threats. Following this, in the third step, they determine the likelihood and consequence of the attack on the assets."
Once these have been identified, the solutions find ways and devise strategies to reduce these risks by implementing appropriate solutions, and finally they prioritise risk reduction measures, he concludes.