Lately, we are used to seeing in the non-specialized press information about cybersecurity attacks and incidents: financial fraud, e-commerce sites that are not operational, personal or confidential data that is stolen or leaked and many others.
This happens because these incidents are no longer considered issues of only technological impact or exclusive problems of the Systems Departments, the impact is much greater as it affects all business areas of the organization.
A cyber-attack affects the entire business
Customers, users, citizens, operations, production, organizational and brand reputation, intellectual property, customer satisfaction, these and many more are affected. It could be said that everything affects directly or indirectly the economic income and the value of the business.
The way in which this type of cybersecurity incident will impact a business will depend a lot on the activity and market sector in which the organization is located: a financial institution will be more exposed to targeted attacks aimed at financial theft or fraud. A retail company may be an attractive target for fraud or denial-of-service attacks that put its transactional sites out of operation. A healthcare institution may suffer reputational damage or be exposed to regulatory sanctions if confidential patient data is leaked.
Being prepared ensures quick recovery: "Cyber-resilience".
In Security Advisor we propose the development of consulting activities that allow to establish how exposed an organization is to suffer a cybersecurity incident and determine what capabilities it has to cope with the incident, recover and continue operating. In short, to establish how "cyber-resilient" the organization is.
One of the functions of a CISO or cybersecurity manager within the organization is to achieve an adequate level of awareness of human resources, so that they understand the risks they are exposed to, the impact it can have on the organization and the best practices that will reduce the likelihood of an incident and minimize the impact in case it occurs.
It is essential that senior management understands the concepts of cybersecurity risk and its impact on the business. This awareness of senior management is what will enable the generation of initiatives and their corresponding budgets. In addition to integrating the cybersecurity component in the other initiatives of the organization.
A specialized team
Security Advisor's Consulting area has an offer of services oriented to the awareness of Boards of Directors and Senior Management that allow these instances of the administration to know the fundamental concepts of cybersecurity, threats and current cases and the possible impact on the business.
Taking into account the impact that a cybersecurity incident can have on the business, it is also important to include suppliers in the organization's cybersecurity strategy. A supplier can become a source of vulnerabilities or an attack vector for the organization, but also a security incident in a supplier can impact the business continuity of the organization.
In summary, taking into account the impact that a cybersecurity incident can have on the organization's business, in addition to focusing on specific cybersecurity technology issues (encryption or tokenization of sensitive data, authentication of transactions by multifactor mechanisms, etc.), it is essential that organizations put the right focus on their processes (proper definition of roles and profiles, segregation of duties, etc.) and on raising awareness of their human resources (awareness-raising activities for Boards and Senior Management).
About Security Advisor
It is a company specialized in Information Security. It is dedicated to providing support to the technological and business areas of the organization, assessing their cybersecurity status, and defining and implementing the best strategy in order to minimize the impact that a cybersecurity incident can generate in the business. Direct links:ConsultingVulnerability AnalysisSecurity Advisor
Author: Carlos Jaureche
Commercial Manager Security Advisor Chile
Connect