Critical Analysis.
Introduction
Once a company adhere to conduct business in the Cyberspace, securing its assets is just as important as within the physical world. Thus the term Cybersecurity must be understood and implemented. The NICCS defines the term Cybersecurity as the ability to protect information contained in Cyberspace from being damaged, unauthorized accessed, used and or modified (Niccs, 2016). In other words, only authorized individual should be able to access, manipulate and use company’s information contained in Cyberspace. UMUC defines Cybersecurity as information technology security, which aims to protect computers, network, program and data from unintended or unauthorized access, change and or destruction (UMUC, 2016). Then again, by moving into Cyberspace, companies must plan and invest in Cybersecurity to make certain that its information system will only be accessible, manipulated and used by authorized personal. As a consequence unwanted access will be prevented. Cyberspace is becoming the ruler of a global digitalized realm. Dada needs to be protected, intellectual property needs to kept secret, banks financial information needs to be safeguarded, and above all, the reputation of the company is the paramount of business survival. So it is imperative that company’s leaders invest in Cybersecurity in order to have a tougher approach to Cybersecurity their Cyberspace.
Business Need for Investing in Cybersecurity
More often than not CIO’s feel like a lone wolf. It is a fact that it is hard to have people that can help them implement a Cybersecurity program on their side. These people are the executives, they usually act on the reactive mode. Such as, they work under the assumption that an attack won’t happen to their company, or they just wait till it happen to deal with it. Nevertheless, often the headlines we seeing in the news describing another Cyberattack, such as the Sony Picture Entertainment, Target, or even the Federal Government Office of Personal Management (OPM). Yet, the posed question is could it be avoided? What if that happen to my company? The oblivion of the executives about a Cyberattack to their company and what they see as a more important issues, allow them to keep pushing the Cybersecurity of their company under the rug, until an attack happen and then is panic mode all over, and all of the effort will be applied to control the damage. The damage may be, customer data may have being stolen, intellectual property and financial information may be disclosure, companies have an legal obligation to make it public and there it is, the company’s reputation is finished, and may not be the same ever again. So why executives are being oblivion for these facts? A survey conducted by PWC reveals the losses that has eventuate within company’s victims of a Cyberattacks in US (Loveland, G., & Lobel, M, 2012).
The Impact of Cyberattack in Business in US
|
Financial losses |
37.5% |
|
Intellectual property theft |
31.8% |
|
Brand reputation compromised |
31.2% |
|
Fraud |
15.8% |
|
Legal exposure lawsuit |
12.2% |
|
Loss of shareholder value |
11.3% |
|
Extortion |
7.1% |
Nevertheless, the survey has shown that executives lacks to understand or accept Cybersecurity as vital for the survival of their company, and they continue labeling Cybersecurity as a technical subject. When asked the confidence of effectives on the company ability on Cybersecurity 72% of executives answer was very or to some extend confident. However, when asked to detailed the approach of their companies to Cybersecurity, the implementation and proactively, the answer is somewhat disappointing. 43% of executive’s responders was confident of their effectiveness approach of information security. 27% of those that classify themselves as strategist (CIOs) relay on executive. 15% said they better of getting things done other than describing. At last, the gravity fighters, 22% acknowledge nonexistent strategy and to be reactive to a Cyberattack. To be fair, 13% of responder are walk the walk by having Cybersecurity strategy with leading practice (Loveland, G., & Lobel, M, 2012). Numbers don’t lie, facts are facts, and it is fair to conclude that the predominant barrier to Cybersecurity companies Cyberspace are senior executive. These are educated folks, and they must take a second look at the number and fact and predictions made by experts. In addition to listen to their CIO.
People, Processes and Technology
References
Conn, S. (2015, February 24). Gartner Says By 2018, 40 Percent of Large Enterprises Will Have Formal Plans to Address Aggressive Cybersecurity Business Disruption Attacks. Retrieved March 16, 2016, from http://www.gartner.com/newsroom/id/2990717
Loveland, G., & Lobel, M. (2012). Cybersecurity: The new business priority. Retrieved March 16, 2016, from http://www.pwc.com/us/en/view/issue-15/cybersecurity-business-priority.html
Niccs. (2016). Cybersecurity 101. Retrieved March 16, 2016, from https://niccs.us-cert.gov/awareness/cybersecurity-101
NCI. (2015, October 13). People, Process and Technology: National Cybersecurity Awareness Month’s 1st Podcast. Retrieved March 17, 2016, from http://www.nationalcybersecurityinstitute.org/editorials/people-process-and-technology-national-cybersecurity-awareness-months-1st-podcast/
UMUC. (2016). Cyber Security Primer. Retrieved March 16, 2016, from http://www.umuc.edu/cybersecurity/about/cybersecurity-basics.cfm