As IT and security continue to align closer with business goals, organizations can no longer ignore the impact the risks on their infrastructure affect their business. According to Deloitte’s Global Risk Management Survey, 67 per cent of organizations named cybersecurity as a risk that would increase the most in importance for their business over the next two years. Due to the everchanging threat landscape, combatting security risks is an ongoing process and organizations need to address and understand their security risks. There are several factors that can impact security risk management. Here are three risks factors you might not think about.
1. Employee data
Data is one of the most valuable resources for an organization so protecting it is key. While many organizations focus on protecting customer data (and rightly so), securing employee data is just as important. Corporate credentials can easily be found on the dark web and purchased by threat actors.
Threat actors that purchase these stolen credentials can use them to navigate the corporate network undetected. Once a threat actor is in your network, they potentially have access to all your data. This includes customer information, corporate projects, the organization’s chain of command, etc. With this information they can engage in several malicious activities such as installing malware, sending phishing emails, using social engineering tactics to target business partners or vendors, etc.
It’s important for organizations to recognize that compromised employee credentials can be a big security risk. Organizations need to treat their employees’ data with as much care as they do with their customers. Implementing employee cyber training and security solutions can help organizations protect employee data.
2. Technology adoption
There’s always a risk when it comes to early adoption of technology because you are not only the first to receive its benefits but its problems as well. Any improvements that are made, such as better integration, usability and/or security, come from the experiences of early adopters.
When it comes to using new technology, there’s always a chance that the product will not perform as promised or work within the existing environment. There is also the risk that organizations may sacrifice security in a haste to be the first to release or include the newest technologies. According to one survey, 34% of organizations admitted to bypassing security checks in order to bring products to the market faster.
On the other hand, refusing to adopt to new technologies can hinder an organization’s growth and affect security. As new technologies emerge, many companies start retiring older versions. Those who refuse to adopt end up using outdated technology that is not updated to defend against the latest threats or vulnerabilities.
When it comes to implementing technology, it’s important for businesses to partner with organizations they can trust. This includes ensuring partners/vendors/suppliers are compliant with the latest regulations and that they have clearly defined processes that indicate organizational maturity. Organizations should always do an assessment before they make a major change in their environment to ensure that the new technology will work for their business. For information on how Jolera can help your organization, contact us today.
3. Organizational culture
The behaviours, beliefs and values of an organization build the foundation that shapes an organization. However, the importance of culture is often overlooked despite it being important to the security and performance of an organization.
For example, a culture that prefers to do things as it’s always been done will be more hesitant to upgrade their systems or add better security controls. This makes it harder for employees to speak up about implementing better security changes. As a result, nothing will change until something catastrophic happens.
Organizations need to ensure their culture reflects their values. If an organization is committed to building relationships with their customers but are not implementing the best controls to help protect their data, there is a misalignment between their procedures and policies. Organizations should assess their culture and create an action plan to ensure that there is visible change top down.