Risk Management Assignment

In 2020, modern day companies are having to adjust to rapidly changing technology, interconnectivity between customers and tech + the sophistication of today’s cyber-attacks in the private and public sector. As technology improves, so does the avenues of attack that cyber criminals and perhaps state sponsored hackers have to penetrate IT systems and cause financial + operational damage. Its scary to say but anyone with a laptop, a Wi-Fi connection, and the technical know how could launch such attacks from anywhere on the planet. The risk of cyber attacks has been present ever since the creation of the world wide web and when civilians began to store data on the internet; but they were not considered as high risk as they do now due to the availability and ease to which these attacks carried out. This new/increased risk has never been more important than it is now to focus on because of how interconnected today’s society is. Social media, company data systems, email, electronic/web-based control systems are examples of sensitive information areas that are commonplace now. Just about everything we do or save is being stored somewhere on the web or on a server connected to the internet. A hacker with malicious intent, the right target, and toolset could launch a cyber attack that could cost a company or perhaps an employee of a company personally irreparable damage. We never have had as much to lose to cyber attacks as we do now.

When it comes to cyber security risks, companies have a high standard to meet and unfortunate for us, it is a constantly ever evolving threat. While the risks are numerous and require vigilance from all sides of the company chain of command; I will list a few that I discovered during my research. Per an article from Forbes titled “10 Data Security Risks that could impact your Company in 2020” the following risks and preventive measures must be monitored and implemented: Accidental sharing – when a company’s employees accidently share, misplace, or mishandle sensitive data. This data could then make its way outside of company control and into the public eye or perhaps someone who could use it for financial gain. This accounts for high percentage of security incidents at companies. Training and control measures for sensitive information should take place to ensure all employees know their responsibility when it comes to this risk. Overworked Cybersecurity teams – per the article more than two-thirds of cybersecurity professionals have considered quitting their jobs/leaving the industry. I witnessed this firsthand at my previous employer, IT employees are often on call at all times even off shift, are constantly putting out fires (resolving issues) left and right and are expected to still look out for the long-term IT management of the company. IT departments need to be properly resourced and cared for. The IT Director/Manager is a critical asset to the company, losing such an employee can have grave consequences due to how long it takes to fully get a replacement up to speed on all of the nooks and crannies of a company’s IT systems. It should not take a serious cyber-attack/incident for a company to realize this is a department that should not be taken any less seriously then perhaps its sales force. The last risk I will list is ransomware – these types of attacks are usually initiated when someone opens a file/program from an email or some sort of download from an unauthorized source. This program then may take control of the user’s computer or IT system and demand that a financial payment (ransom) is paid for release of that control on the system. These types of attacks are launched often with impunity on small to midsize businesses because they do not have the budget for high end IT defense and staffing. These types of attacks can be very expensive and just because you paid them once does not mean it will not happen again. Vigilance and IT training across all levels of the company need to take place to fight back against ransomware. It only takes one employee opening an email attachment or download for this to take place.

I would say that the ever-evolving cyber threat is something that we all must live with in the modern-day workforce. Instead of allowing it to cause us to be uncomfortable, unwilling, or uninterested to work in certain industry sectors; we should all exercise our part in cyber defense. While the skill level of people using computers and IT will vary, we should all learn at least the basic measures in which to protect ourselves. Recognizing phishing/scam emails, proper file handling, having strong computer passwords and not sharing that information are just some of the easy steps we can take. But like all change, it must first start with a company culture of cyber security.

Resources

Council, Young Entrepreneur. “Council Post: 10 Data Security Risks That Could Impact Your Company In 2020.” Forbes, Forbes Magazine, 1 Oct. 2019, www.forbes.com/sites/theyec/2019/10/01/10-data-security-risks-that-could-impact-your-company-in-2020/?sh=21baa8eaa0c0.

Guardian Computer. “Top 10 Computer Security Threats to Business IT in 2020.” Guardian Computer, Guardian Computer Https://Www.gcit.net/Wp-Content/Uploads/2018/03/GC-Logotransparent-300×127.Png, 20 July 2020, www.gcit.net/blog/computer-security-threats-business-it.