Our increasing dependence on cyberspace has brought new risks; risks that threaten the data and systems on which we rely in ways that are becoming more and more difficult to detect or defend against.
The Information Security Forum’s Threat Horizon Report 2017 highlights nine areas that are the focus of growing cyber security threats, including connectivity speed, legacy technologies and complacency of users. The report also discusses the growing sophistication and collaboration of cyber criminal gangs, the dependence on critical infrastructure, the ability of malicious agents to exploit vulnerabilities, and the threat of social unrest by “tech rejectionists”.
Steve Durbin, managing director of the Information Security Forum, says, “Technology in my opinion has become something of a threat enabler. All of them potentially have opportunities for crime gangs to exploit”.
Mr. Durbin said he is “startled” by the number of organisations he talks to about data security obligations, and how many of them do not realise they are liable even if the data are stored in the Cloud, or if a third party with which they share information is breached, according to a news item in the Wall Street Journal.
“They still are responsible for this,” he said. “Regulators have levied fines on the original user, the holder of the data, and trying to understand that is hugely important.”
He also indicates that companies are overly reliant on cyber insurance as a way of mitigating their risks. He said that companies need to go into this “with their eyes open as to what’s being covered… Insurers are not really falling over themselves to pay out. Policies are written in the best interests of the insurer.”
He proposes that companies perform regular risk assessments to identify the weaknesses in their systems and processes, instead of blindly hoping that insurance will help them out.
He advises companies to look at risks from a cyber perspective “that will help an organisation identify where it is weak and provide the insurance company with much stronger client and reduce the amount of risk,” he said. “We are not seeing enough of that.”
vsRisk™ has been proven to save huge amounts of time, effort and expense when tackling cyber security risk assessments, and could provide a solution for organisations not sure about where to start with a risk assessment.