Cyber Risks Troubling Organisations

One of the most severe cyber risks that organisations continue to face are data breaches. A data breach is an incident where information is stolen or taken from a system without the knowledge or authorisation of the system’s owner.

What are some impacts of a data breach?

• Loss of sensitive, proprietary, or confidential information
• Damage to an organisation’s reputation
• Financial losses
• Customers loss of trust in the organisation

What are some common breach methods?

Insider Leaks

• A trusted individual or person of authority with access privileges stealing data from an organisation. E.g.  Some employees are willing to sell these data for personal profit

See story: http://www.businessinsider.sg/iphone-8-iphone-x-ios-11-leaks-inside-job-2017-9/?r=US&IR=T

Unintended Disclosure

• Sensitive data is exposed through mistakes or negligence, mostly by insiders. Eg. More than 50% of the security breaches are due to human error because of failure to follow the organisation’s policies

See story: https://www.insuretrust.com/employee-mistakes-a-big-source-of-data-breaches/

Payment Card Fraud

• Payment card information being stolen using physical skimming devices, phishing of personal information. Eg. Cyber thieves can use a stolen credit card to buy items online  

See story: https://pocketsense.com/causes-credit-card-fraud-5798165.html

Cyber Espionage

• Cyber espionage describes the stealing of confidential information stored in digital formats or on computers and IT networks. It is similar to a high tech form of spying

See story: https://medium.com/threat-intel/cyber-espionage-spying-409416c794ec

Why data breaches are a significant risk?

• Data breaches are no longer a binary proposition where an organisation either have or have not been breached
• They are wildly variable, from breaches compromising entire global networks of highly sensitive data to others having little to no impact
• According to the Ponemon Institute’s “2017 Cost of Data Breach Study: Global Overview,” the odds are as high as 1 in 4

Technology is meant to enhance and improve both business and consumer aspects of our era today. Unfortunately technology carry risks and open us up to vulnerabilities in the cyber world. To combat cyber attacks, a cyber security maturity framework is recommended. This is a set of standards and best practices from an industry, professional or international bodies which encompasses a logical structure for organisations to benchmark their current cyber capabilities.

A cyber security maturity framework is helpful for an organisation looking to strengthen their security, vigilance and resilience against cyber threats depending on their objectives and cyber-related risks.

There are a number of cyber security maturity frameworks available and while the approach may differ for each framework, organisations will be able to achieve its desired maturity level with any framework.