Security Is Fundamental, But Are We Underestimating It Too Much?


Do we live in a riskier world than in the past? The answer is yes, according to 72% of the top business managers worldwide interviewed by BDO for the 2017 edition of the Global Risk Landscape, the annual report in which the audit and business advisory firm investigates international business risk factors.

What is surprising is that no security issue appears among the top three risk factors, which are concern about compliance with regulations (35%), increasing competition in the market (30%) and the economic crisis (29%). Asked about changes in global business, only 21 percent of European business leaders point to cyber risk as a factor that will surprise their businesses over the next 10 years.

The picture outlined by the BDO report seems totally inadequate to the current global scenario, in which we are witnessing worldwide cyberattacks such as WannaCry and Petya. Set this beside the Ponemon and IBM estimates, which put the average economic loss a company suffered from a system breach in 2016 at $4 million, with ransomware attacks increasing by 6,000% in the last year, and it is clear that the security issue is underestimated, to say the least.

According to BDO, there are eight steps each company should take to be resilient to cyber attacks. The first is to constantly update security information systems with the latest software versions available, to avoid exposure to publicly known security vulnerabilities, the so-called 0-days (strictly, a 0-day is a flaw for which no patch is yet available).

The second step is to install monitoring systems that raise an alarm promptly in case of a breach. It is also important to know what data the company's systems contain and how that data is defended. The fourth step is to protect this data with appropriate access control systems. The fifth is the corporate culture: all employees must be taught how to recognize an ongoing hacker attack and how to behave safely during daily work.

The next step is to look at the business supply chain and ensure that stakeholders and third parties are well prepared for cyber risk by sharing good practice. Finally, cyber risk needs to be discussed adequately at the top of the organization, as any other risk would be, economic or otherwise.

In the event of an attack, again according to the BDO report, the first thing to do is to recognize that the attack is under way. Then, immediately shut off the attacked parts of the system, to prevent the infection from spreading. At the reputational and communications level, each company also needs to prepare in advance a standard official statement that can be sent promptly to the press and stakeholders.

October 10th, 2017 | Technology | 3 Comments


  1. Ogeto Omwancha October 11, 2017 at 12:15 pm

    I can agree with you on this one, many organizations are underestimating their security setups and apparatus. Having said that, how the advancements in several third platform digital technologies, innovative startup accelerators and other digital technologies – and their convergence – drive next generation applications and why and where it matters. Some organizations are winning individual battles for enterprise security—but the bad guys are still winning the war, such as the latest attacks like WannaCry and Petya ransomware holding some organizations hostage. Although there is a rising tide of advanced security units that fully recognize the business impacts of a breach and employ highly sophisticated strategies to reduce risks, they remain the exception rather than the rule: 85% of the organizations assessed would be found not to be meeting the recommended maturity levels for their security operations. Improvement begins with mastering—or re-mastering, in some cases—the fundamentals of enterprise security. This may not sound exciting, and that’s part of the problem: We’re too obsessed with what’s new and shiny, especially when it comes to technology, and security operations aren’t usually new and shiny. But getting the fundamentals right is an absolute must. Immature security organizations are typically lacking in one or more areas. In some cases, organizations are even trying to implement more advanced strategies without the basics already in place, which is a setup for failure.

    • Joan Yancen December 22, 2017 at 3:00 am

      Besides, this problem has been studied from a microstructural level, as in the interconnected world the users of cloud computing take part in an online experience enriched around electronic commerce, communication and entertainment. In this way, with this new interactivity emerges an important responsibility (from governments, industry and consumer advocacy groups) to guarantee users can trust that their information is safe and stays private. In spite of the scope of the problem, Microsoft assured that the solution has to be applied to those individuals that through social networks are being disturbed by the already known cybercrimes.

  2. Joan Miguel Siso Yancen December 21, 2017 at 9:07 pm

    This is so right. Due to technological advances, companies have deposited too much information on networks, a dangerous situation if they don’t take care of the growing coverage of cyber crimes, as the risk of suffering an attack has been getting bigger. In fact, data security is a matter we all (from the biggest company to the individual) have to take care of; there is a constant risk on social networks. However, I’ve noticed that in spite of the existence of this problem a big part of the world community has no interest in it. Informative post!
