A key strategic challenge facing leaders across nations, irrespective of the sector or industry in which they operate, and one that must be surmounted to take advantage of the vast advances in networked technology, is countering cyber risk. In recent times, the understanding of how a secure and resilient digital network can be built has expanded significantly. However, those who misuse the technology and pose a threat to an entity's cyber security are advancing at a faster pace. As a result, technological risks are topping the charts and innovation is proving slow in dealing with them effectively (World Economic Forum, 2017).
The board of any company has a duty to identify and mitigate the risks the company faces, and cyber risk is no exception. Hence, company boards have to take the required steps towards countering cyber risks (Willson and Dalziel, 2015). The purpose of this report is to educate the board on the issues surrounding cyber security and on the manner in which cyber security and resilience protocols can be integrated in the company to ensure its survival and improve business performance. Some recommendations have also been drawn in this report regarding the manner in which the company can initiate a cyber resilience policy.
Cyber security, in the simplest of terms, refers to protecting computer systems from any and all kinds of damage to, or theft of, information, software or hardware, as well as from the misdirection or disruption of the services provided through them. Cyber security includes protection against harm to computer systems that can be done through network access and through data or code injection, and also includes controlling physical access to the hardware. By using different methods, the security of the company is tricked and made to deviate from its secure procedures (Singer and Friedman, 2014). As per Forbes, the global cyber security market reached a value of $75 billion in 2015, and its projected value for 2020 is $170 billion (Tech Target, 2017). The high value of funds being devoted to this one purpose highlights the significance which this issue holds.
Cyber security is of utmost importance to all entities, particularly businesses, as a cyber security breach could cost a business millions. The data of the company can be misused or constantly monitored without the company even knowing it, which, in the long run, could prove devastating for the company (Kostopoulos, 2012). The funds of the company could be misused, and the company's own personnel could be locked out of the system, thus stopping the entire business of the company. The vulnerabilities and attacks could take the form of tampering, phishing, privilege escalation, clickjacking, direct-access attacks, denial of service attacks, eavesdropping and spoofing. Thus, it is crucial that the company takes the requisite steps towards cyber security (Graham, Olson and Howard, 2016).
It is important that the company integrates its cyber security and resilience protocols, as they are of utmost importance for the survival of the company and for improving the performance of its business. Cyber attacks have caused serious financial damage in the past, and projections for the future show $2 trillion for 2019 (Morgan, 2016). There is no standard model by which the costs of such incidents can be estimated. Thus, the data which has been made public by companies can only be taken as an example. In 2003, the estimated losses from worm and virus attacks amounted to $13 billion, and for all overt attacks together the value stood at $226 billion (Cashell et al, 2004). This figure is from 2003, when technology was not as advanced as it is today. This raises concern for companies and makes it obligatory for them to take steps to deal with such issues at the earliest and on the basis of best practices.
Such attacks not only impact the performance of businesses, but also threaten their survival. The Office of Personnel Management discovered in April 2015 that it had been hacked a year earlier, which resulted in the theft of around 21.5 million personnel records handled by the office (Eng, 2015). This was described as amongst the biggest breaches of government data in US history. The data included information through which a person could be identified, such as names, place and date of birth, address, fingerprints and even social security numbers (Waddell and Volz, 2015).
In July 2015, “The Impact Team”, a hacker group, breached Ashley Madison, an extramarital relationship website. The group stole not only the data of the company but also that of its users. They threatened to dump the entire customer data online unless their demand that the website be taken down permanently was met (Lamont, 2016). The customer data was particularly sensitive in this case because it contained user profiles in which even sexual fantasies were mentioned (Hern, 2016). As the demands of the group were not met, they dumped the data of the company, which led to the CEO of the company resigning. Even though the website remains functional, its existence was threatened. The performance of the business has also been hit by the leak of customer data and the threat of the same occurring again (Thielman, 2015).
Security can be described as a moving target in the digital age, and with each passing day cyber criminals are getting more advanced. To protect the data of the company as far as possible, it is important that employees are educated and told to make cyber security a top priority. There is a need to stay on top of the latest attack trends and to adopt the newest prevention techniques, as the business of the company depends upon it (Segal, 2017). The growing interest in cyber security has led to many publications and writings on what can be deemed best practice for companies. Some of the best practices which can be adopted by companies are summarized below.
The firewalls in any computer system are its very first line of defence. It is always preferable for companies to set up firewalls so that they act as a barrier between the data of the company and cyber criminals. Apart from the standard external firewalls, companies need to install internal firewalls as an additional protection measure. Another important step in this regard is for employees who work from home to have firewalls installed on their home networks as well. This would prevent cybercriminals from using employees working from home as a channel to attack the data of the company (Phillips and Sianjina, 2013).
It is crucial that cyber security protocols are adequately documented. Where a plan for the protection of data is not fully realized, safety precautions can easily slip through the cracks. This makes it crucial for companies to have a proper cyber security policy. Cyber security policies save not just data, but also money and valuable employee resources. The actions undertaken by employees, both externally and internally, impact the sustainability of the business. The actions of a single individual could result in the data of the company being compromised, which could include its financial data as well as its intellectual property. Business associations often produce detailed toolkits which can help in determining, as well as documenting, cyber security policies (Bayuk, Healey and Rohmeyer, 2012).
In the fast-growing digital age, devices have transformed from simple computers and mobiles into wearables, which include wrist watches and even digital glasses. “Bring Your Own Device” or BYOD is permitted by the majority of companies, and with these devices the threat to the security of the company is increased. Smart watches and fitness trackers have wireless capability, which makes it important to include BYOD in the cyber security policy of the company. Hence, employees should be made to update the security of their devices, and the password policy should be applied to the mobile devices which access the network of the company (Moore, 2016).
It is crucial that employees are properly trained regarding the manner in which they access the network and regarding the network security policies of the company (LeClair, 2013). As the cyber security policies of the company are becoming savvier due to the growth of cybercriminals, it is important not only that the protocols are updated regularly, but also that the new protocols are explained to the employees. The employees could also be made liable by making them sign a document whereby they agree to be informed about the policies and to take the requisite actions in case they fail to follow the security measures (Segal, 2017).
Even though changing passwords is amongst the least preferred tasks for employees, it is important that it is done at regular intervals. The Data Breach Investigations Report by Verizon for 2016 showed that 63% of data breaches took place due to passwords being weak, lost or stolen. In the world of BYOD it is crucial that the devices which access the network of the company are password protected. So, employees should be educated not only to change their passwords at intervals of 60-90 days but also to use passwords with numbers, symbols and upper and lower case letters (Segal, 2017).
Even after deploying a lot of resources, there is still a chance of an attack happening. Hence, it is always recommended to back up documents, spreadsheets, financial files, databases, human resource files and the files related to accounts payable/receivable. These backups have to be on the cloud and stored at different locations to avoid data loss owing to force majeure events. This could help not only in recovering lost data but also in pulling the plug during a cyber attack, as the data would be secure at another place (Donovan, 2017).
It is common knowledge that phishing emails are not to be opened by employees. Yet the Data Breach Investigations Report by Verizon for 2016 showed that 30% of employees open phishing emails, and this percentage was higher by 7% in comparison to 2015. Since phishing attacks install malware on the computer of the employee upon being clicked, it is important for anti-malware software to be installed on all networks and devices (Segal, 2017).
Despite the numerous protections and preparations undertaken by companies, employees are still likely to make a security mistake which could result in the data of the company being compromised. Due to these factors, the company needs to adopt a multifactor identification setting on the majority of its key networks and on email products, which acts as an extra layer of protection (Segal, 2017).
Recommendation 1
Cyber security and resilience policies can take different forms: at times the policy can be stated on a single sheet, and at other times a 50-page document is required to cover every aspect and to keep threats to network security away. Ideally, the cyber security policy of the company needs to be properly documented, reviewed and maintained on a regular basis (Zamora, 2016).
Recommendation 2
It is important that, before drawing up any policy in this regard, the cyber security regulations which have been presented by the commonwealth government or by the industry are taken into consideration, as these often prove to be a helpful roadmap in the development of cyber security plans. It is important that the policy conforms with the law and is not against it in any form (Zamora, 2016).
Recommendation 3
A cyber security policy would be considered well thought out only when it sits within a system which can guard the important information of the company against cyber attacks. The Information Technology infrastructure of the company has an important role to play in this. This infrastructure is the strength of the company, and on it rests the responsibility for the protection of the data of the company (Zamora, 2016).
Recommendation 4
A cyber security policy can be drawn up with relative ease, but what is more important is for the company to explain this policy to its employees and to educate them about the acceptable use conditions. This is important to ameliorate damage and to limit the potential for attacks. Instead of banning social media on company platforms, there is a need to detect social engineering tactics and to regulate social media use (Zamora, 2016).
Recommendation 5
It is recommended that, to be an effective cyber resilience policy, the cyber security policy of the company contains all the features stated here and incorporates the best practices covered in the previous section.
Conclusion
On the basis of the discussion in the preceding parts, it is clear that cyber security is significant for companies to continue their business and to improve their performance. This is the digital era, where everything is interconnected, and this connectivity has raised the threat of cyber attacks, which can put the company in a helpless situation. Cyber attacks have the capacity to ruin the company, as they steal not only the information of the company but also that of its customers, along with impairing the company financially. It is important that companies adopt a proper cyber resilience policy, and in this regard the recommendations drawn in the previous segment prove helpful. Through the case studies of Ashley Madison and the Office of Personnel Management, the magnitude of cyber attacks and the problems associated with them were highlighted. This further makes it important for the company to adopt the best practices and the recommendations drawn in this report to create a comprehensive cyber resilience policy.
References
Bayuk, J.L., Healey, J., and Rohmeyer, P. (2012) Cyber Security Policy Guidebook. Hoboken, New Jersey: John Wiley & Sons.
Cashell, B., Jackson, W.D., Jickling, M., and Webel, B. (2004) The Economic Impact of Cyber-Attacks. [Online] Federation of American Scientists. Available from: https://fas.org/sgp/crs/misc/RL32331.pdf [Accessed on: 01/09/17]
Donovan, K. (2017) 10 Best Practices for Cyber Security in 2017. [Online] Observe It. Available from: https://www.observeit.com/blog/10-best-practices-cyber-security-2017/ [Accessed on: 01/09/17]
Eng, J. (2015) OPM Hack: Government Finally Starts Notifying 21.5 Million Victims. [Online] NBC News. Available from: https://www.nbcnews.com/tech/security/opm-hack-government-finally-starts-notifying-21-5-million-victims-n437126 [Accessed on: 01/09/17]
Graham, J., Olson, R., and Howard, R. (2016) Cyber Security Essentials. London: CRC Press.
Hern, A. (2015) Infidelity site Ashley Madison hacked as attackers demand total shutdown. [Online] The Guardian. Available from: https://www.theguardian.com/technology/2015/jul/20/ashley-madison-hacked-cheating-site-total-shutdown [Accessed on: 01/09/17]
Kostopoulos, G. (2012) Cyberspace and Cybersecurity. London: CRC Press.
Lamont, T. (2016) Life after the Ashley Madison affair. [Online] The Guardian. Available from: https://www.theguardian.com/technology/2016/feb/28/what-happened-after-ashley-madison-was-hacked [Accessed on: 01/09/17]
LeClair, J. (2013) Protecting Our Future, Volume 1: Educating a Cybersecurity Workforce. New York: Hudson Whitman/ Excelsior College Press.
Moore, M. (2016) Cybersecurity Breaches and Issues Surrounding Online Threat Protection. Hershey, PA: IGI Global.
Morgan, S. (2016) Cyber Crime Costs Projected To Reach $2 Trillion by 2019. [Online] Forbes. Available from: https://www.forbes.com/sites/stevemorgan/2016/01/17/cyber-crime-costs-projected-to-reach-2-trillion-by-2019/#53b93d2b3a91 [Accessed on: 01/09/17]
Phillips, R., and Sianjina, R.R. (2013) Cyber Security for Educational Leaders: A Guide to Understanding and Implementing Technology Policies. Oxon: Routledge.
Segal, C. (2017) 8 Cyber Security Best Practices For Your Small To Medium-Size Business (SMB). [Online] Cox Blue. Available from: https://www.coxblue.com/8-cyber-security-best-practices-for-your-small-to-medium-size-business-smb/ [Accessed on: 01/09/17]
Singer, P.W., and Friedman, A. (2014) Cybersecurity: What Everyone Needs to Know. Oxford: Oxford University Press.
Tech Target. (2017) Cybersecurity. [Online] Tech Target. Available from: https://whatis.techtarget.com/definition/cybersecurity [Accessed on: 01/09/17]
Thielman, S. (2015) Ashley Madison CEO Noel Biderman resigns after third leak of emails. [Online] The Atlantic. Available from: https://www.theguardian.com/technology/2015/aug/28/ashley-madison-neil-biderman-stepping-down [Accessed on: 01/09/17]
Waddell, K., and Volz, D. (2015) OPM Announces More Than 21 Million Affected by Second Data Breach. [Online] The Atlantic. Available from: https://www.theatlantic.com/politics/archive/2015/07/opm-announces-more-than-21-million-affected-by-second-data-breach/458475/ [Accessed on: 01/09/17]
Willson, D., and Dalziel, H. (2015) Cyber Security Awareness for Corporate Directors and Board Members. Waltham, MA: Elsevier.
World Economic Forum. (2017) Advancing Cyber Resilience Principles and Tools for Boards. [Online] World Economic Forum. Available from: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on: 01/09/17]
Zamora, W. (2016) How to create a successful cybersecurity policy. [Online] Malwarebytes Labs. Available from: https://blog.malwarebytes.com/101/2016/03/how-to-create-a-successful-cybersecurity-policy/ [Accessed on: 01/09/17]