Published on February 10th, 2015 | by admin
Risk Management: Worry Less, Innovate More
As enterprises fight for a competitive advantage, they are constantly under different threats: from competitors, the market changes, or even the sometimes violent economic environment. They want to differentiate themselves from the competition or to increase productivity, while keeping innovation going to not only provide the most satisfaction to the needs of their customers, but also to generate value for their stakeholders. They are constantly seeking to expand the reach and quality of their capabilities, which, in turn, constantly re-transforms the processes or the resources at their disposal.
Today, organizations need a more holistic approach to risk management. They understand that communication flows are critical for survival and if those channels are compromised, the very life of the organization is endangered. Everybody in the enterprise must be part of its risk management portfolio and do their part in developing policies and best practices that are part of the overall program focused on developing their competitive advantages.
The least of a CEO’s worries should be that operations cease because of a security breach. However, cybersecurity risks remain, and will only increase in 2015, both in number and in capabilities to cause damage to intangible assets, which include intellectual property, trust, financial position, or competitive position.
In particular, we will see a dramatic increase in advanced persistent threats (APTs). These are advanced malware that might take the form of bots, botnets, and other tools that most of the time provide their senders with command-and-control capabilities over an enterprise’s digital assets. Their code is usually mutated to thwart traditional signature detection, while they exfiltrate data to remote servers. These threats are persistent, focused in long term intrusions, and intelligent: they can change their code to learn more about a network’s organization, find targets to exploit, and install additional backdoors in case the malware is discovered.
It’s also important to take into account that current approaches to cybersecurity include the latest generation in antivirus, firewalls, intrusion detection systems and intrusion prevention systems, as well as proxies and several other elements focused with the task of building a wall thick and tall for making it difficult for external threats to penetrate inside an enterprise.
However, the weakest link in the chain is human: an employee that uses his phone in a public/unsecured WiFi spot—or clicks on the wrong ad on a social network—opens the door to intrusions that, with the use of social engineering tactics, ensures he’s only one click away from unintentionally downloading a script that could potentially be hazardous to the entire company.
How can an enterprise find out it’s under attack? How does a CEO or CISO respond to his board of directors, or to her customers, when a breach has occurred despite implementing traditional and advanced cybersecurity solutions? How does he answer questions like, what did they steal? How did they do it? And, is it over?
There must be a better way to understand what’s happening. When communications are key for the life of an enterprise, there must be a way to watch the network to distinguish between legitimate communication flows, signs of a few packets that are constantly leaking to the outside, packets outlining blueprints of a new product set to launch, a new marketing campaign, or even a new patent in development. How much does Intellectual Property cost to the company? How much does its reputation with their customers cost?
The moment to act is now.
To learn more about adding communications insight to your network, visit: http://www.ss8.com/platform
Business Development Manager – CALA Sales
Barney, J. C., Delwyn (2007). Resource-Based Theory: Creating and Sustaining Competitive Advantage. United States of America, Oxford University Press.