Cyberspace offers enormous benefits and opportunities through increased innovation, collaboration, productivity, competitiveness and customer engagement. But barely a day goes by without news of a new cyber threat, or major data breach, arising from ‘malspace’ – an online environment inhabited by hacker groups, criminal organizations and espionage units.
The big question posed to governments, enterprises and citizens is how can this growing cyber threat be counteracted without losing the enormous benefits of Internet-based trade, commerce and communication?
With Opportunities Come Risks
Cyberspace is constantly evolving and presenting new opportunities, as the desire of businesses to quickly adopt new technologies, such as using the Internet to open new channels and adopting cloud services, provides vast opportunity. But, it also brings unanticipated risks and inadvertent consequences that can have a potentially negative impact.
With cyberspace so critical to everything, from supply chain management to customer engagement, holding back adoption or disconnecting from cyberspace completely is simply not feasible. But the commercial, reputational and financial risks that go with cyberspace presence are real and growing each and every day.
If an organization’s senior executives don’t understand cyberspace they will either take on more risk than they would knowingly accept, or miss opportunities to further their strategic business objectives, such as increasing customer engagement or market leadership. These organizations are more likely to suffer embarrassing incidents, and when they do, they will suffer greater and longer-lasting impact.
Understanding cyber risks and rewards is also fundamental to trust. If organizations can’t maintain a trusted environment in which to communicate and interact with their customers, their business could suffer or even collapse. This is true whether it’s a customer engagement program using audio or video, or systems that support essential customer transactions such as banking, shopping or reservations.
Weighing Risk vs. Reward
Business leaders recognize the enormous benefits of cyberspace, yet many are having difficulty determining the risk versus the reward.
The benefits of cyberspace come with significant risks, and the threat of cyber-attack is firmly at the top of the board agenda. While organizations are exploiting the business benefits of cyberspace, they may not realize that cyberspace confers the same benefits to those who attack our organizations. Hacker groups, criminal organizations and espionage units worldwide have access to powerful, evolving capabilities, which they use to identify, target, and attack.
Many of the security activities associated with dealing with cyber crime attacks are based on fundamental information security incident management, and are covered in topics such as information security, incident management and forensic investigations. However, cyber crime often involves sophisticated, targeted attacks against an organization, and as such, additional security measures may be required to respond to specific cyber crime-related attacks.
Cybercrime-related intelligence relating to the development of attacks should be reviewed on a regular basis to determine:
- The extent to which the organization is at risk of a cyber crime-related attack (example: review of discovered code on the Internet or discussions in underground groups)
- How targeted information could be used by criminals (example: creating false passports, false accounts, credit cards or online scams)
- The techniques used by criminals to perform cyber crime-related attacks (to help detect them)
Cyber Security is Not Enough
Establishing cyber security alone is not enough. Today, risk management largely focuses on achieving security through the management and control of known risks. The rapid evolution of opportunities and risks in cyberspace is outpacing this approach and it no longer provides the required protection. Organizations must extend risk management to include risk resilience, in order to manage, respond and mitigate any damaging impacts of cyberspace activity.