A few years ago the BBC News website had a separate tab for ‘eBusiness’. This complimented its existing business news, but was seen by the journalists, readers and I assume the industry itself as a separate entity. They would report on developing businesses using the internet to sell items and services across the world. They would discuss new electronic payment systems, auction sites and this brave new way of doing business.
Then without warning, without any form of notice, this little tab in the BBC news website disappeared. It was a subtle but obvious change stating to the world that eBusiness was now actually just business ‘as normal’. By that time most companies were developing electronic sales and marketing channels and these plans would no longer stand separate to their existing strategies and were just new elements added in to compliment and support what had worked in the past.
Fast forward a few more years and the same can be said about social media. It was new, it was separate, it was not fully understood, but thanks to the passing of time and it’s increasing benefit to businesses now almost any marketing campaign will have a social media element to it – not separate – but as part of a multi faceted business approach.
Cyber is no different. It’s just new.
Because Cyber, as opposed to eBusiness or Social Media is actually a business risk, as opposed to a business benefit, it may not currently get the traction and attention within an organisation it deserves. It’s still quite ‘unknown’, but other business risks are very well known, in fact business risk, critical incident policies, business continuity planning has all been around for a long time – Cyber risks should be discussed, identified and then amalgamated into those existing plans.
In order to do this business leaders need to apply the same thinking and methodology they did to their eBusiness or Social Media strategies accordingly, which is ‘make the imaginary, real!’.
We all know that there existing physical risks within businesses, such as a risk to an employee’s life. Over the years methodologies and processes have been legislated for, adopted and enforced to mitigate these physical risks down to an acceptable level. Say for example you have a car production line, potentially a highly dangerous working environment, however over the years more and more safety equipment has been implemented to make it as safe as possible. If like me you have visited a production line you will always spot the great big red button that kills the power and stops everything in one foul swoop. No doubt this very sensible procedure came about after a suitable risk assessment was done. So all is well? Well not when you now add in a cyber element.
Theoretically if any physical system such as a production line is connected to a computer system that in turn is connected to the internet then it has the potential to be compromised and taken over by a fearless hacker. If this hacker could then override the safety measures that have been put in place then this in could lead to physical risk.
That means that all existing risk procedures, no matter how small, should be reviewed taking into consideration the increasing cyber threat.
The example of a production line being hacked may sound implausible at the moment, but then so did many other IT developments in the past. In my past I once worked within a large highly respected educational establishment and was shown a collection of meeting minutes from a decade before stating that they (at that time) could see no material benefit from ever adopting the internet into the school. Of course with the benefit of hindsight that historical decision can be laughed at, however I’m sure at that time the debate was as very serious, despite it’s incorrect conclusion. A similar debate needs to occur about cyber risk. It’s real, it’s happening, it’s not going away, in fact it will continue to grow as greater awareness develops and as more and more businesses suffer some form of loss.
One of the greatest risks is of course theft, in all its forms, intellectual property, customer lists, financial data and more. Most companies have strong polices in place for theft of physical company property and should be applying those polices equally to electronic data theft.
The human factor is also a much-neglected aspect of cyber security, in addition to the potential risk to individuals there is risk to the business. A huge percentage of cyber-attacks on businesses are made possible through what is termed human engineering; exploiting the individual to gain access to the castle. This is the modern equivalent to stealing the keys to filing cabinet!
As an organisation uses more and more social channels and electronic communications the risk of digital abuse and stalking grows both from within and from outside the organisation. Are your teams aware of the risks and trained to use these channels safely. Does HR know how to develop programmes to identify and mitigate this risk?
With existing risk policies in place, now is the time to add cyber into them and start having the open debate and discussion on what may happen, no matter how implausible it sounds at the time and how to prevent it.
There is an additional risk, that is on the increase due to cyber attacks that will more than likely not have been considered within an existing risk framework. That is reputational risk, the loss of your good name. If your business suffers a cyber attack and you lose customers credit card details, your reputation will be destroyed, who would want to buy from you if you cannot be trusted to safeguard such sensitive information? Sony Pictures has recently suffered a huge attack the effect of which has harshly dented their reputation. eBay has suffered, so has Apple. These businesses can use their size and their extensive resources to mitigate the reputational damage inflicted on them by a cyber attack – but can an SME? Can a school? Can a small business with a lucrative online business? That is something to very seriously consider.
During the eBusiness, or Social Media gold rush, there was an excitement that took hold with the prediction that sales and marketing channels could be extended exponentially almost overnight to globally hungry new audience. Cyber is the other side of that coin. It can exploit a risk and take down a business, be that physically, financially or reputationally equally as fast.
Now is the time to move cyber from it’s own little silo of technical discussion and bring it into the wider world of business risk – just like eBusiness, or is that now just ‘business’?
More articles in this series
- In Plane Sight
- Drinking From The Hydrant
- Critical Condition
- Human Resourcefulness
- The Week In Review : 28th July
- Support Staff
- The Week In Review : 21st July
- Paper Exercise
- The Week In Review : 7th July
- Where There’s Muck
- The Week In Review : 30th June
- Habit Forming
- The Week In Review : 23rd June
- Question Time
- Into The Breach
- Ransomware Attack on XP computers… another false economy!
- Don’t Cry
- How many Cyber Attacks does it take to change an attitude?
- Read All About It
- Self Assessment
- The Week In Review : 28th April
- Cards On The Table
- Housewives’ Choice
- Conversation Time
- The Week In Review : 7th April
- Nudge, Nudge
- The Week In Review : 31st March
- Comparatively Speaking
- The Week In Review : 24th March
- Course Correction
- The Week In Review : 17th March
- Weapon Of Choice
- The Week In Review : 10th March
- Back To Basics
- The Week In Review : 3rd March
- Perfect Timing
- The Week In Review : 24th February
- Back Doors
- The Week In Review : 17th February
- The Week In Review : 10th February
- Third Time (Un)Lucky
- The Week In Review : 3rd February
- Inside Job
- Building Blocks
- The Week In Review : 20th January
- For Your Own Protection
- The Week In Review : 13th January
- The Week In Review : 6th January
- The Cold War (Rebooted)
- Happy Xmas (War Isn’t Over)
- Change Ahead
- I Know You Are Busy, But…
- The Return Of The Thing
- The Most Wonderful Time Of The Year
- Reply To All
- Every Little Helps
- Oldest Trick In The Book
- Fighting Fatigue
- Expert Opinion
- The Mousetrap
- Lessons Learned
- The Week In Review : 23rd September
- Crisis Talks
- The Week In Review : 16th September
- The Blame Game
- The Week In Review : 9th September
- Real Time
- The Week In Review : 2nd September
- Critical Condition
- The Week In Review : 26th August
- Badge Of Honour
- The Week In Review : 19th August
- The Interview
- The Week In Review : 12th August
- At Your Service
- The Moral Compass
- The Week In Review 29th July
- Trust Issues
- The Week In Review 22nd July
- Uncommon Sense
- The Week In Review 15th July
- Shake Up The World
- The Week In Review 8th July
- A Brush With The Law
- The Week In Review 1st July
- Tools of the Trade
- The Week In Review 24th June
- This Time…It’s Personal
- The Week In Review 17th June
- Cloud Cover
- The Week In Review 10th June
- Identity Crisis
- The Week In Review 3rd June
- Testing Times
- The Week In Review 27th May
- The Final Countdown
- The Week In Review 20th May
- What’s My Motivation?
- The Week In Review 13th May
- Dirty Little Secrets
- The Week In Review 6th May
- Regrets, I’ve Had A Few
- The Week In Review 29th April
- Damage Limitaion
- The Week In Review 22nd April
- The Week In Review 15th April
- The Week In Review 8th April
- Paper Wait
- The Week In Review 1st April
- Do The Hustle
- The Week In Review 24th March
- The Road Ahead
- The Week In Review 18th March
- Watching The Watchers
- The Week In Review 11th March
- The Week In Review 4th March
- Loose Lips Sink Ships
- The Week In Review 26th February
- The Core Issue
- The Week In Review 19th February
- Who You Gonna Call?
- The Week In Review 12th February
- Should We Stay Or Should We Go?
- The Week In Review 5th February
- The Long Game
- The Week In Review 29th January 2016
- One Step, Two Step…
- Don’t lose your way in the Clouds
- The Week In Review 22nd January 2016