The Importance of Digital Risk Management
August 24, 2015 by University Alliance
http://www.villanovau.com
In early August 2015, the Pentagon reported that an email system used by the Joint Chiefs of Staff had been hacked by an unknown aggressor. This hack added to the growing number of prominent organizations that have experienced a security breach. The information lost posed a financial as well as a security risk. Verizon's 2015 Data Breach Investigations Report noted that the estimated financial losses directly resulting from these breaches have totaled approximately $400 million.
The risk of further breaches is expected to increase, particularly as organizations move more of their data to cloud-based storage. While some of the responsibility for data security rests with cloud storage providers, the Department of Homeland Security has begun to encourage awareness of cybersecurity threats for CEOs and small business owners. Knowledge of best practices is increasingly crucial for all individuals in an economy, not just for dedicated IT teams.
In Lloyd's recent 360 Risk Insight: Managing Digital Risk publication, the financial firm suggested that "digital risk needs to become a board-level concern." CEOs must acknowledge that an increasing reliance on technology, including future technologies that further increase interconnectedness, carries with it a growing risk that organized criminals may hack into servers and seek to exploit stolen data for financial gain.
Attacks are expected to grow in both frequency and sophistication. While organizations may employ talented security specialists and utilize software that takes data encryption seriously, organized hackers may still find access holes. The Internet's global reach allows hackers from distant regions to execute an attack. Security teams can develop complex defense mechanisms, but this complexity also increases the possibility that a weakness may be overlooked.
If organizations lack the capacity to properly research threats and implement effective security solutions, they are advised to turn to third-party cybersecurity products or management teams. The growing field of private cybersecurity response allows smaller organizations, or businesses without technical know-how, to outsource security management to dedicated specialists.
"There is a need for increased communication, co-operation and collaboration to tackle digital risk," according to Lloyd's report. From IT teams to executive-level managers, employees at all levels are encouraged to embrace open collaboration to facilitate up-to-date knowledge and minimize destructive impacts of even the most skilled hackers.
Many organizations have also begun to orchestrate a response at the structural level. According to Gartner's 2014 CEO and Senior Executive Survey, a third of large organizations are expected to utilize a senior digital risk officer (DRO) or equivalent position by 2017. DROs will interface with dedicated IT security teams to disseminate information on security procedures to organization employees and ensure that database protection is current and effective given known threats.
The Department of Homeland Security has noted that all organizations should expect to experience a cyber-attack. Even with strong security systems in place, open information sharing and dedicated technology officers should help organizations reduce attack frequency and minimize financial losses when attacks do occur. Organizations may not be able to prevent an attack entirely, but with a suitable response plan in place, they should be able to respond effectively.