As organisations adapt to the evolving digital era, the number of entry points into their critical infrastructures rapidly increases.
If organisations fail to understand the risks they face, they leave themselves open to threats that could hamper their ability to operate.
IT Governance’s monthly list of data breaches and cyber attacks demonstrates just how many different types of risk there are to organisations’ data.
One example from the list is antivirus software company McAfee having its LinkedIn page hijacked. For any organisation, having your social media accounts taken over by a third party is embarrassing. But for an organisation whose existence is based on providing organisations and individuals with security software, it’s damaging.
Understand, mitigate and accept
Were the risks of having a LinkedIn page discussed at McAfee? It’s almost easy to say no, as LinkedIn does offer two-factor authentication – but perhaps the risk was discussed and just accepted as it was.
However, if McAfee had fully understood the risk and implemented the necessary mitigations, then it’s highly likely that this incident wouldn’t have happened.
An increasing scope
Organisations’ growing dependence on digital and online systems across all areas of operation certainly makes it difficult to understand all the risks that they face. But as organisations grow, their risk management processes should be able to grow with them.
The old-fashioned spreadsheet risk assessment can’t keep up with that type of growth and change. A risk manager needs a tool that can easily accommodate the many elements of a risk assessment: tracking assets, threats, vulnerabilities, controls, measuring the likelihood and impact of risks, and delivering reports and analysis.
The below infographic compares the capabilities of spreadsheets with our industry-leading risk management software, vsRisk™.