Do we live in a riskier world than in the past? The answer is yes, according to 72% of the top business managers worldwide interviewed by BDO for the 2017 edition of the Global Risk Landscape, the annual report in which the audit and business advisory firm investigates international business risk factors.
What is surprising is that security does not appear among the top three risk factors, which are concern about compliance with regulations (35%), increasing competition in the market (30%) and the economic crisis (29%). Asked about their company’s preparedness for changes in global business, only 21 percent of European business leaders point to cyber risk as a factor that will surprise their businesses over the next 10 years.
The picture outlined by the BDO report seems badly out of step with the current global scenario, in which we are witnessing worldwide cyberattacks such as WannaCry and Petya. Add to this the Ponemon and IBM estimates, which put the average economic loss a company suffered from system breaches in 2016 at $4 million, with ransomware attacks increasing by 6,000% in the last year, and it is clear that the security issue is, at the very least, underestimated.
According to BDO, there are eight steps each company should take to be resilient to cyber attacks. The first is to constantly update security information systems with the latest available software versions, to avoid the so-called 0-days, publicly known security vulnerabilities.
The second step is to install monitoring systems that raise the alarm promptly in case of a breach. The third is to know what data the company’s systems contain and how that data is defended. The fourth step is to protect this data with appropriate access control systems. The fifth is corporate culture: all employees need to be taught how to recognize an ongoing hacker attack and how to behave safely during their daily work.
The next step is to look at the business supply chain and ensure, by sharing good practice, that stakeholders and third parties are well prepared for cyber risk. Finally, companies need to be able to discuss cyber risk adequately at the top level of the organization, as they would address any other risk, economic or otherwise.
In the event of an attack, again according to the BDO report, the first thing to do is to realize that the attack is ongoing. Then, immediately shut down the parts of the system under attack, to prevent the infection from spreading. At the reputational and communications level, each company also needs to prepare in advance a standard official statement that can be sent promptly to the press and stakeholders.