Risk Awareness as a response to the rising number of cyber attacks

2018-01-22

In 2017 we witnessed how much cyberspace influences our daily lives. Critical vulnerabilities, along with large-scale ransomware outbreaks and their adverse effects, were visible in the news cycle. Unsurprisingly, the rising risk of cyber attacks and data fraud to the business has been highlighted in the latest edition of the Global Risk Report.

Not only are attacks becoming commonplace, but attackers are getting bolder, and the business is paying dearly for that. The World Economic Forum reports that the annual cost of responding to attacks has been estimated at £11.7 million per company, a year-on-year increase of 27.4%. In the next five years this cost is expected to be US$8 trillion! So what can one do about this? The answer is greater Risk Awareness.

While the picture presented is grim and highly alarming, all is not lost. In response to cyber attacks, organisations are paying more and more attention to how to prevent the losses. More often than not, people will be the weakest link in the chain. As one article points out, approximately 90% of data breaches are caused by human error. In such cases, the best choice for each organisation is to ensure that its employees are properly trained and understand the risks. Hence, risk awareness has been continuously rising.

Business has been waking up to the realisation that, apart from simply recognising risks, it is increasingly important that a security-conscious working environment is established from the get-go. Essentially, it is no longer enough to simply tick off the risk analysis as completed. The organisation should strive to introduce a behavioural change, which, as pointed out by Michele Wucker, can help employees “recognize the risk and take an effective action” about it (World Economic Forum, 2018). As a result, there has been an increase in security awareness programmes. Emphasis has been put not only on signing off on the introduced security policies, but on understanding why the organisation needs them. Training programmes have been continuously rolled out, with activities such as identifying clear roles and responsibilities, outlining the consequences of one click in a suspicious email, and highlighting security best practices as advertised by information security organisations like the SANS Institute for information security and cyber security training and the Open Web Application Security Project. However, it is very important to point out that such endeavours can only be successful if everyone in the company is committed to accomplishing a high level of security. Such a commitment is achievable with the help of upper management: once the board shows its dedication to cyber security, this will ultimately spread among the rest of the employees.

Gergana Ruskova
Technical Sales Support, Security


gergana.ruskova@atea.se

To focus on

Consequently, rather than falling into panic mode over the distressing results of the Global Risk Report 2018, each organisation should focus on the simple steps: ensure that all employees are fully aware of the dangers that cyberspace poses and that even the smallest action can have serious implications for the business.

If a company manages to meet this threshold, it can undoubtedly increase its level of cyber security.