Musashi's Dokkodo (The Way of Walking Alone)
Businessman:
This is a perfect admonishment. It reminds us that while providence may smile down upon our endeavors there’s no guarantee of success. Consequently, we need to become proactive in protecting ourselves and our operations. In business parlance this is called risk management. It is the process of identifying, analyzing, and then either mitigating or accepting sources of uncertainty that might affect our people, products, or organizations.

Why should we care about risk management? Think about the Target, Home Depot, Sony, Nationwide Insurance, and United States Office of Personnel Management data breaches for starters. They made the headlines worldwide, but they were not alone. In fact, a 2015 study by insurance company HSB discovered that 69 percent of businesses had experienced a hacking event during the previous year. Cyber criminals routinely steal sensitive corporate information, financial data, and millions of people’s personal information, placing their identities, their credit, and their life-savings in peril. Whenever this happens folks tend to lose their jobs over the breach, either because they let it happen, tried to cover it up, succumbed to blackmail, or because unpalatable actions they took or things they wrote that were never meant to see the light of day were publicized afterward. In some cases their reputations were destroyed to the point where they may never find a decent job again. And, their companies were irreparably harmed as a result of the breach too, spending millions upon millions of dollars to repair the damage.

With ever increasing cyber security risks it is incumbent upon us to understand the value of our data to ourselves as well as to bad guys who might covet or wish to adulterate it, and then put the right technologies, processes, and training plans in place to mitigate the threats to the extent feasible. Since virtually everything is connected to the internet these days it doesn’t matter what type of business we are in.
Everyone is at risk; even something as mundane as our refrigerators can be the vector that lets the bad guys into our network and from there into our mission critical data. It’s not just an IT problem, however; we need to safeguard against social engineering scams that can trick folks into voluntarily giving up sensitive information as well as disgruntled employees, customers, or suppliers who might have access to our systems or resources and a desire to do bad things too. As you can see, it’s a people, process, and technology threat. And, we must continuously assess and defend against new and ever evolving risks.

Hackers are ubiquitous, but they are by no means the only danger that must be taken seriously. The term force majeure is French for “superior force,” but in practical application it really means “acts of God.” It’s a legal term that lets parties off the hook for their contractual commitments in the event of catastrophic disruptions such as wars, nuclear accidents, earthquakes, hurricanes, meteor strikes, or other natural disasters. In legalese it’s a protection against the unforeseen, but it is also a risk that while oftentimes small in likelihood can have catastrophic consequences on our businesses if it comes to fruition. There’s no guarantee of perfect safety, it’s economically unfeasible, but we can build redundancy into our supply chain, operations, employee base, and IT infrastructure so that if really bad things do happen we will not be shut down and unable to produce the products or services that pay our bills and keep the business afloat every month.

It is incumbent upon all prudent businessmen and women to identify possible risks to our enterprises, evaluate their impact, determine which may be accepted and which must be mitigated to the extent possible, and then figure out how to monitor whether or not they have happened.
It’s a four-step process that must be repeated continuously: (1) identify the risks, (2) quantify the risks, (3) mitigate the risks, and (4) monitor the risks. In this fashion we evaluate things like strategic, operational, transactional, financial, technology, regulatory, and geopolitical risks, determine our tolerance for uncertainty, and then put plans in place to protect ourselves. Sometimes mitigations are as simple as having an alternate supplier of commodity parts available in case we need them, but other times they are highly complex such as hardening our systems against cyber-attack via network segmentation, enclaves, encryption, and the like which can take millions of dollars and multiple years to put into place.

The challenge is to know for certain where we stand and chart a sensible and thoughtful course forward. There are no guarantees in life or in business, but we can stack the deck in our favor with prudent planning and thoughtful execution of a risk management plan.