Newsletter | Volume 1

There are some global surveys on cyber threat and the defense of IT-Security with vital statistics to safeguard the company and ensure proper business continuity. In most more than half the respondents believe that a successful cyber-attack is likely in 2015 and phishing, malware, and zero-days are of primary concern.

Within the past three years, the cost of a business of each lost or stolen record, a data breach or business interruption has gone up dramatically. The average data breach in the USA is now $3.79 million, therefore all companies are now protecting themselves against cyber risks. The main difference is understanding what information is necessary to protect; is it IP, credit card transactions, or the automated systems and processes in the assembly line.

What is the real challenge IT risk managers face today
While the costs vary by industry, the intrusion or breach is not limited to any particular sector.
Most businesses, industries and trades are at risk from cyber attacks. However, the top three are financial institutions, retail, and healthcare. Assessing the potential severity and the adverse consequences are primarily on those companies that rely heavily on technology, logistics or computers.

Therefore besides financial institutions, retail, and healthcare, the next in line are manufacturing, energy, utilities and airlines. These were particularly vulnerable because they all depend on interconnected networks and suppliers talking to one another. Over 50 percent of supplier disruptions were caused by cyber issues last year.

Unite the cyber backup protection
Differing cyber risk exposures require the particular need to manage those IT-Security risks. Organizations should first perform a business impact analysis to determine what their business needs to protect, take steps to protect critical functions and data.

Most companies and IT departments think that they have a robust backup plan, however when the discontinuity and the cut off of data, or automated processes occur, they find that there were many gaps and holes ions the backup system, like rewritings on old files or only documenting changes.

Process can have a domino effect
Often the backup systems miss protecting the processes when focusing on the enormous quantities of data in need of protection. Sales, procurement, and payroll, are frequently automated. In these cases, it is not data that is important, it is the processes themselves that are even more vital. Therefore, the first significant step of the IT department is to focus on information security and to define and prioritize what they are protecting for the business processes.

Find indicators of compromise
It is vital to understand how cyber breaches and security fits into the larger picture of IT risk connectivity. Therefore, stakeholders can play out the various scenarios to increase the IT and data resiliency from a holistic standpoint. As businesses exposure to cyber, risks will continue to rise in the world gets more interconnected.

This aspect increases the IT and data complexity; companies need to address. To ensure that cyber risks are not dealt with in isolation, but as a part and parcel of the companies overall process and holistic risk management strategy, the involvement of different stakeholders to assess and monitor the exposures that the companies processes might have in a forthcoming breach.

One of the speeches at the 9th annual European GRC Summit on the 22-23td September at the World Trade Center in Stockholm is:

In the world of readily available cloud-based file sharing, the IT department's biggest challenge is to control the flow of information, documents and archives.

What are the typical GRC issues to address the cloud and big data challenges.
How can IT regain control of the information trail and deliver integration, confidentiality, integrity and availability of all documents at all times?

Owe Lie-Bjelland, CEO, Xait. Owe is a partner of Xait. He has technical background from the print, press and publishing industry. Owe helps companies optimize and revolutionize their reporting and document creation, co-authoring, automation, publishing and information management processes. Owe is an expert in enterprise content management, information governance, security, business process optimization, innovation, leadership, human resources and risk management.