The No. 1 Reason Business Leaders Will Lose Sleep in 2016
Can Your Organization Survive a Cyber Attack in 2016?
After another year of high-profile hacks, the threat of attacks may be the No. 1 reason business leaders lose sleep in 2016. Though protecting company assets has always been a priority, there has never been as much talk about the threats to information assets as there’s been in the past year. Whether we work for a large enterprise or are a small business with just a few employees, we are all thinking about what could happen if we were victims of a cyber attack.
Major security events hitting Fortune 500 companies like Target and Home Depot will always grab media attention, but the greatest impact is felt by small and midsize businesses. These organizations are prime targets for hackers. In fact, 60 percent of small businesses fail within six months of a cyber attack, according to the U.S. House Small Business Subcommittee on Health and Technology. It’s more important than ever to think about creating a more robust security program for your organization—and to take action. Start thinking about information security as an integral part of your overall risk management strategy.
Introducing the Security Triad
Good information security practices can help you protect your information assets from cyber attacks and reduce the risks to your organization. The first step is understanding what assets are targets. Some small businesses and nonprofit organizations that I’ve spoken to have told me they don’t consider themselves targets of cyber criminals, because they have nothing or very little of value to lose.
But what would happen if a malicious party gained access to their data, such as their customers’ (or donors’) records? Or what would happen if they were unable to access that data, or if they were unable to operate at all for a period of time? Above all, these businesses and nonprofits may be missing the biggest truth, which applies to both the Fortune 500 and the “Fortune 5 Million”: The greatest impact on your bottom line may be your reputation and the loyalty of your customers.
That’s where the security triad comes in. A robust information security program is focused on protecting systems from loss of confidentiality, integrity and availability.
By loss of confidentiality, I’m referring to the disclosure of data to unauthorized individuals. Loss of integrity means data or an IT system has been modified or destroyed by an unauthorized entity. And in loss of availability, data and systems aren’t up and operational whenever they’re needed.
In the coming weeks, I’ll delve further into each of the parts of the security triad, as well as look at how increased concerns about regulation and compliance play a significant role in risk strategy.
What security issue is most pressing for your business? Tell us about it on Twitter: @TWCBusiness.