Risk-intelligence governance is key to tackling cybercrime
Since the turn of the century, businesses have been facing myriad of risks associated with uptake of technology and modernization that brought cyber crooks closer and has cost thousands of companies and countries billions of dollars and significantly damaged their reputations and brand. These new challenges have led many owners and management to take security of their companies seriously and most of them are tackling the vulnerability head with cyber-crime and cyber-espionage being the two main focus. Few companies have reached the certain level of complexities around cyber-security threat risks and most of them lack the technology for their staff, managers, boards and executives to explore the issue in deeper depth. The key issues for companies to consider are the exposure and effectiveness from level of exposure to cyber-threat risk and how effective they are at keeping that exposure to within acceptable limits. World over, experts have never agreed on various contentious issues ranging from risk definitions, risk tolerances and metrics specific to cyber-threat risk.
In emerging markets, a study recently revealed that companies doing business in those countries lack the technology tools to effectively collect and report cyber-threat related information. An expert working with a cyber-security company in Sydney recently told me that applying a risk-management maturity perspective to how challenges are addressed can bring valuable insights into an organization’s cyber-risk management strengths and weaknesses and best it might be able to improve. The management if the company must be informed at every level on how their companies are handling their cyber-threat risk-management capabilities. If an organization isn’t yet in a position to discuss exposure and effectiveness as such, I would recommend, tracking of digital information leaving the company and whose the recipient. Also, control and monitoring of software running company’s devices is equally important. Such measures have worked well for a company am familiar with in fighting cyber security threats although they do not represent core elements of an effective cyber-defense.