In a world increasingly driven by digital technologies and information, cyber threat management is more than just a strategic imperative; it is a fundamental part of doing business. Yet for many organizations and executives, the concept of cyber security remains vague and complex. Although it might be on your strategic agenda, what does it really mean? And what can your organization do to shore up its defenses and protect itself from cyber threats?
Every Business is Vulnerable
A common myth is that cyber attacks only happen to certain types of organizations, such as high-profile technology businesses. However, the cold, hard truth is that every organization has valuable data to lose. In fact, the attacks that happen most frequently are completely indiscriminate – using scripted, automated tools that identify and exploit whatever weaknesses they happen to find.
Cyber attacks can be extremely harmful. Tangible costs range from stolen funds and damaged systems to regulatory fines, legal damages, and financial compensation for injured parties. However, what might hurt even more are the intangible costs — such as loss of competitive advantage due to stolen intellectual property, loss of customer or business partner trust, loss of integrity due to compromised digital assets, and overall damage to an organization’s reputation and brand — all of which can send an organization’s share price plummeting, and in extreme cases can even drive a company out of business.
Retail, e-Commerce & on-line payments
As more and more businesses move or expand from bricks to clicks, criminals are following suit. Credit card data is the new currency for hackers and criminals, and retailers possess a lot of it. This makes the retail industry an almost irresistible target for cyber attacks. Many e-commerce websites are also directly connected both to the internet and to a company’s back-end systems for data processing, making the website a prime attack point for gaining access to crucial information assets within the organization. Point-of-sale (POS) systems are an increasingly popular point of attack for acquiring transaction data, giving cybercriminals immediate access to valuable information. Saving a customer’s credit card data in an internal database might seem like a good way to make the shopping process more convenient, but it creates an attractive target for cybercriminals.
Cyber Risk Recognition
Being resilient to cyber risks starts with awareness at the board, C-suite, or upper-management level (depending on the size of the company): the recognition that at some point your organization will be attacked. You need to understand the biggest threats and which assets are at greatest risk — the assets at the heart of your organization’s mission. Who could potentially target your organization, and for what reasons? Which assets are attackers likely to view as most valuable? What are the possible scenarios for attack, and what is the potential impact to your business? Questions such as these can help determine how advanced and persistent the cyber threats to your business are likely to be.
Key Characteristics of Cyber-Defense
To be effective and well balanced, a cyber defense must have three key characteristics: secure, vigilant, and resilient.
Secure: Being secure means focusing protection around the risk-sensitive assets at the heart of your organization’s mission — the ones that both you and your adversaries are likely to agree are the most valuable.
Vigilant: Being vigilant means establishing threat awareness throughout the organization and developing the capacity to detect patterns of behavior that may indicate, or even predict, the compromise of critical assets.
Resilient: Being resilient means having the capacity to rapidly contain the damage and mobilize the diverse resources needed to minimize impact. This includes direct costs and business disruption, as well as reputation and brand damage.
Attacks can result in significant tangible costs ranging from stolen money and property to regulatory fines, legal damages and financial compensation. But those are just the tip of the iceberg. The really significant costs are the intangibles, particularly loss of competitive advantage, loss of customer trust, and damage to an organization’s reputation and brand. Intangibles such as these can have a major impact on an organization’s strategic market position and share price. The good news is that cyber threats are a manageable problem. As noted earlier, a well-balanced cyber defense needs to be secure, vigilant, and resilient. Although it is not possible for any organization to be 100 percent secure, by focusing on these three key attributes, it is entirely possible to manage and mitigate cyber threats in a way that reduces their impact and minimizes the potential for business disruption.
This article is an excerpt from Deloitte’s “Global Cyber Executive” briefing. For further information, the full article, or to subscribe to Deloitte Dutch Caribbean’s quarterly Risk Services newsletter, please contact Mario Flores – partner Enterprise Risk Services via marioflores deloitte. com or office: +5999-4333333 / mobile: +5999-6908600.