Identify cyber security risk components that may exist within your real or fictional company.
Develop and describe a cyber security risk mitigation strategy for a real or fictional company.
Describe the challenges and benefits of implementing a cyber security risk mitigation strategy for a real or fictional
Cyber security remains a major threat to the operations of organizations worldwide. With the increased reliance on modern technologies by business organizations, there has been a tremendous rise in cyber security risks. Today’s organizational leaders are more concerned about cyber security risks than at any other period in history. The dynamic nature of cyber security risks in terms of size and complexity makes it difficult for cybersecurity experts to develop a single solution for them. Organizations have established different methods or mechanisms of averting cyber security risks or ensuring they do not cause major harm. The financial industry is one of the most affected by the cyber security threat. This paper examines cyber security risk issues facing PAC Inc., a fictitious multinational company that offers financial services.
Cyber Security Risk Components
One of the cyber security risk components facing PAC Inc. and other organizations is the reliance on legacy systems (Cuomo & Lawsky, 2014). Although PAC Inc. updates its systems regularly, it may not entirely escape the use of legacy systems that come through acquisition. Legacy systems obtained through acquisitions pose significant risks due to the security vulnerabilities that come with them. The organization may take a long time to update the legacy systems that have higher security vulnerabilities. Another cyber security risk is susceptibility to breach through third-party vendor ecosystems. Most financial service companies, including PAC Inc., rely on third-party vendors for delivery of certain services such as email services, cloud storage services, and web-hosting services (Cuomo & Lawsky, 2014). The security vulnerabilities facing the third-party vendors increase cyber security risks at PAC Inc. It is difficult for organizations to replace their third-party vendors, even when their network security is found to be weak, due to the complexities involved in changing users.
Another cyber security risk component facing PAC Inc. is cyber threats. There are new forms of cyber-attacks that have hit the financial sector. Common cyber-attacks include Distributed Denial of Service (DDoS) attacks, ATM cash-outs, and Corporate Account Take Over (CATO) (Conference of State Bank Supervisors [CSBS], 2015). DDoS attacks are the most common. As the name suggests, these attacks involve directing excessive traffic to a company’s website in such a way that it interferes with normal service delivery. DDoS attacks may affect the reputation of the organization by denying customers access to essential services they need. CATO is a form of attack where cyber criminals impersonate the company and conduct transactions using customers’ accounts. Cyber criminals gain access to corporate login credentials using malicious software, which they then use to transfer funds (CSBS, 2015). This form of crime targets online banking. ATM cash-outs involve cyber criminals taking control of the web-based ATM control panels using malicious software. This may cause huge losses.
Cyber Security Risk Mitigation Strategy
Organizations are currently more likely to experience cyber-security threats than at any other period in history. A good mitigation strategy is developing an incident response plan that outlines the critical steps that an organization can take in case of a cyberattack (Lebanidze, 2011). The incident response plan also identifies the critical steps that the organization should take in anticipation of a cyberattack. An incident response plan should include documentation of procedures, training, and rehearsal targeting the team involved in mitigating an incident or breach of security. An incident response plan comprises various plans that the organization should draw up. The first is the contingency plan, which addresses issues concerning continuity of operations in case an unplanned outage affects the organization.
An incident response plan should include a disaster recovery plan. The disaster recovery plan outlines the steps to take in case of a major disruption to business. This plan may include system backups and off-site storage. System backup is vital for ensuring that there is no loss of data in case of a hacking incident. The incident response plan should also address the following:
- Ways of addressing potential losses
- Criteria for engaging digital forensic experts
- Budget for the plans
- The effectiveness of the incident response strategy
- Communication to stakeholders concerning the issue
The incident response plan includes detailed plans, clearly defined roles, training of IT staff, and proper management oversight to ensure that the plans are in place. An effective incident response plan can help PAC Inc. to identify and contain attacks early before they cause significant damage.
Benefits and challenges of implementing a cyber-security mitigation strategy
There are various benefits in implementing a cyber-security mitigation strategy such as the response plan described above. One of the benefits of a mitigation strategy is the early identification of potential threats (Lebanidze, 2011). This means that attacks can be easily contained before they spread to uncontrollable levels. The cyber-security mitigation strategy can help in managing various stakeholders in the event a security lapse occurs. The incident response plan sets out how to communicate with stakeholders, including customers, if an incident occurs. An incident response plan can ensure the continuity of operations in case an attack occurs. On the other hand, one challenge of implementing a cyber-security mitigation strategy is the high cost. Mitigation strategies are costly, and hence organizations try to weigh the costs vis-à-vis the benefits. Another challenge in cyber-security mitigation lies in the dynamic nature of cyberspace. Every day, new and sophisticated attacks are emerging, which may invalidate any mitigation strategy in place.
To conclude, cyber security continues to be a major challenge facing modern organizations, including PAC Inc. Cyber security incidents lead to losses or damage to the reputation of the companies involved. There is no foolproof method of preventing cyber-attacks. As such, modern organizations should develop incident response plans that can help them deal with potential cyber-attacks.
Conference of State Bank Supervisors (CSBS). (2015). A resource guide for bank executives. Retrieved from https://www.csbs.org/CyberSecurity/Documents/CSBS%20Cybersecurity%20101%20Resource%20Guide%20FINAL.pdf
Cuomo, A. M., & Lawsky, B. M. (2014). Report on cyber security in the banking sector. New York State Department of Financial Services. Retrieved from http://www.dfs.ny.gov/reportpub/dfs_cyber_banking_report_052014.pdf
Lebanidze, E. (2011). Guide to developing a cyber security and risk mitigation plan. Retrieved from https://www.smartgrid.gov/files/CyberSecurityGuideforanElectricCooperativeV11-21.pdf