When companies make their lists of priorities, where do they put risk management for IT teams?
It usually depends on how much they know about IT risks and how catastrophic they can be. Here, we’ll look at three of the most serious incident types that have brought companies into the news, and not for the right reasons.
1. Improper Use of Data
Data collection is an inexorable part of both B2B and B2C tech. Functionalities that clients take for granted, from chat apps to GPS, require the app developer to collect information about a user’s location, social network, and more. If a developer isn’t scrupulous and exceedingly careful, some of that information can easily fall into the wrong hands.
Within the organization, BYOD policies and other such programs can be perks for employees, but often these initiatives are put in place without understanding the threat they pose to network security. Poor processes and the lack of visibility into why certain security measures are important can damage a company’s ability to secure its networks and prevent breaches. Clear communication between the IT department and the organization’s employees improves adherence to policies and better execution of security processes.
When consumers learn that a company has shared their information without their permission, bad press can hit quickly and do a lot of damage. If it turns out that the company promised not to share but shared anyway, the bad publicity can be devastating. Any protocol that can prevent illegal sharing is a wise investment. Additionally, unclear policies about using personal devices on an organization’s secure network can potentially result in security breaches and private data being leaked.
2. IoT Vulnerability
The Internet of Things, or IoT, is exploding in popularity. Commonly used consumer and medical devices are Internet-enabled, giving the average person an unprecedented level of connectivity. We can adjust our home heating before leaving work and send data from wearable heart monitors directly to our doctors. The side effect of this trend? The details of our everyday lives and most intimate habits are now vulnerable to capture.
IoT Attacks in the News
In Singapore, hackers accessed and copied personal and health data from 1.5 million SingHealth patients. For 160,000 of these individuals, outpatient medication was among the data taken.
A South Carolina mother had discovered her baby monitor had been hacked. She believed an unknown third party had been using it to watch her breastfeed her child. Research revealed that the P2P cloud, which backs up data from multiple devices, is easily infiltrated with a shared password.
In the UK, a university study showed that IoT technology could be abused by end users themselves to manipulate and control members of their families or households.
It’s much easier to prevent a fire than to clean up after one. IT teams at IoT companies must start introducing as many protections as possible, including:
- Built-in security as a part of the design process
- Multiple layers of protection against a single risk
- Better access control for users
- Regular monitoring and patching of security
- Clear communication to consumers regarding data streams and information use.
It may be impossible to keep IoT customers completely safe, but a comprehensive security plan can offer the maximum degree of protection.
3. System Failures
Not all business risks are malicious attacks. A business’s image can still go down the tubes if a critical piece of technology fails and interrupts crucial operations.
According to digital publisher TechRadar, outages cost businesses an average of $10.8 million per incident. And it happens more than you might think — so far, nearly half of all organizations have experienced a loss of market share due to technological failure. Four out of every five organizations experience at least one such failure in an average year.
Every IT security team needs to have sufficient plans in place so that if an outage does occur, you can get the system back online in a time frame that stakeholders will deem acceptable if not excellent.
The only way to do this is with comprehensive testing of all processes. End-user testing is a crucial part of any testing protocol since it’s the only way to evaluate integrated third-party services. The average website uses nine to 13 third-party services and if one of these goes down, the whole system can follow.
A testing protocol should be able to identify performance issues at the lowest level of data and any part of any transaction. By nipping small errors in the bud, you can keep them from becoming a caution to other teams.
Both IT failures and breaches can ruin a company’s reputation and cost millions of dollars, to say nothing of the legal ramifications. Controlling cyber risks is not optional or an extra – it’s the only way for a company to stay safe in today’s connected world.
Resolver helps the world’s leading IT departments mitigate cyber risks and prevent cyberattacks.