Organizational risks that you should definitely be acting on
- Published: Friday, 16 June 2017 07:47
It is easy for organizations to feel overwhelmed by the number and scale of the risks that are faced; but often the perception of the potential harm engendered by various risks is exaggerated. In this article Chris Butler lists the real risks that every organization needs to consider.
Did you know the world’s most dangerous animal is not a shark, or a bear, but is in fact a mosquito? What’s certain is that human perception of risk is notoriously flawed; often, the events that concern and outrage us the most are the least likely to happen.
From political and economic tremors to cyber threats, 2017 represents another minefield of risks for businesses. For organizations, forging a deepened understanding of both threats and risk factors is crucial for remaining robust, resilient, and most of all, ahead of the competition. Part of this involves separating the myths from reality. So, what then are the real risks to business today?
This need not necessarily be caused by a fatal accident and ecological disaster like the Deepwater Horizon oil spill, after which BP’s reputation and ability to bid for new contracts plummeted following its mishandling of crisis communications. As KitchenAid found to its cost, an employee inadvertently sharing a tasteless joke on the company Twitter account instead of his/her personal handle also has the potential to do damage. (To its credit, the company responded with a swift, credible apology and explanation within eight minutes of the tweet appearing – an excellent example of good crisis communications.)
Our own invocation statistics confirm that communications failures share equal first with hardware and power failures as the leading reason for customers invoking their recovery arrangements with us. This was the cause of just over a fifth (21 percent) of all invocations in 2016.(1)
Weak links in the supply chain
It may be an oldie, but our digital age makes it no less true than before; an organization is only as strong as its weakest link and it is vulnerable to any shortcomings in its third party ecosystem – that is vendors, partners, contractors and suppliers – which can have serious consequences (2).
Compliance with new legislation
Looking specifically at the General Data Protection Regulation (GDPR), an organization’s readiness to adapt to the new challenges of data privacy and reduced tolerance for data breaches represents both an opportunity and a threat. We expect data breaches to increase as hacktivists or blackmailers expose data privacy failings, leading to GDPR non-compliance issues.
And, of course with cyber security there is the ongoing and growing threat posed by:
Home Depot took six months to discover malware had been installed that allowed hackers to steal the data of 56m customers before the breach was identified. Making a bad situation worse, it transpired that the management’s attitude towards staff raising concerns over poor information security was “We sell hammers”.
Hackers were able to gain entry to French media organization TV5Monde and take down its social media, websites and emails. The reconnaissance took place over an estimated five months before the attack was launched and it was over two hours before the station regained some control. Overall, 12 TV channels were taken off-air for 18 hours.
Tesco suffered the largest cyberattack ever on a UK bank with some £2.5m stolen (3). Quite apart from the reputational damage, Tesco faces a potential fine under the EU’s General Data Protection Regulation that could be as high as £2bn. The financial sector is four times more likely to suffer a cyberattack than other sectors and in 2016 there was a 40 percent increase in cybercriminal activity (4) targeting the financial services industry.
This continues to increase with the FBI estimating it will become a $1bn industry this year (5). However, its ‘success’ is largely due to the human factor. Social engineering and phishing are two of the criminal methods that hinge on poor personal behaviours or lack of awareness in the individual. While many think the elderly are more vulnerable, they are by no means the only target. Younger people may be tech-savvy but they are also inclined to be more trusting and unaware of the proliferation of threats and means of attack. With one in 20 Twitter accounts estimated to be a fake bot account, we should all be aware of the dangers posed by social media and sceptical of potentially fake sites offering too-good-to-be-true deals on the latest Ray-Bans or tempting links on Facebook.
Despite increasing awareness of the cyberthreats, hazards and risks that abound, human frailties and impulses will continue to provide challenges to business leaders through the remainder of 2017 and beyond.
Chris Butler is Principal Consultant, Sungard Availability Services.
- Sungard Availability Services Availability Trends Report 2016
- https://www.theguardian.com/business/2016/nov/08/tesco-bank-cyber-thieves-25m 8.11.16