Information is an important tool for successful organization. Information protection is imperative irrespective of size of organization. It’s not just a business practice of having information security policy in business; however, protecting data and sensitive information is a key for business survival. Data protection has positive impact on business reputation and has increased customer trust, improved customer satisfaction, strengthened employee morale, thus resulting in positive impact on revenue. Some of the traditional and basic cyber security techniques which even a layman use nowadays are access control and password security, authentication of data, malware scanners, firewalls and anti-virus software. Any data loss may have an adverse impact on business. There are many compliance standards as well such as General Data Protection Regulation (“GDPR”), Payment Card Industry Data Security Standard (“PCI DSS”), Health Insurance Portability and Accountability Act (“HIPAA”) etc. that legally require company to maintain cyber security standards.
The global economy is severally affected due to COVID-19 pandemic. Social distancing and work from home facility has actually increased the usage of technology including the internet. The beauty of technology and cyber security is like an ogre. Increased usage of technology resulted in a spike in data breaches, malware infections, phishing and other cyberattacks despite of strong cyber security protocols. It’s not possible to keep track of latest threats 24*7, further, it’s not feasible to control external circumstances, however, it’s time to be more vigilant, hence key to success lies in increasing the frequency of testing the security controls and processes and updating it to combat against the latest and emerging threats.
In other words, businesses need to update standard processes and tooling for managing frauds, cyber and financial crime risk reflecting the changing environment. Cost is associated with everything one does. Managing the increased risk of cyber attacks may result in accretion in cost. However, businesses growth lies in minimising the cost impact and maximising the revenue, at the same time, data protection cannot be compromised, proper risk management is also vital. As an analyst, onus also lies in managing the increased cost. One may like to outsource some aspects of cyber security. One may like to assess whether to take cyber insurance or to spend excess cost to manage enhanced risk as there can never be 100% guarantee of risk mitigation ever in business. Benjamin Franklin in his book “The Way to Wealth” once said “An investment in knowledge pays the best interest”. One may also like to increase cyber security trainings internally within organization to spread awareness by sharing best working practices to protect business from cyber attacks as cost stemming from cyber attacks can be tremendous. Best approach is always the application of combination of best practices of risk management instead of following one single risk management practice.
It’s really high time to start looking at cyber risk differently. Business success lies in employing robust and agile cybersecurity capability that can adapt and evolve to keep pace with emerging cyber threats.
(This article is written for academic purpose & views expressed are personal. For any query/discussion, author can be reached via email [email protected] )