How do we manage the risk of digital in todays business world?

10 years ago, cyber was not thought of as a risk to the business.   It was just a way to do business that was faster and less expensive.

5 years ago we started to think, in very rudimentary terms, that cyber was a small risk but we knew nothing about it so we will pass it to the ICT department for them to manage.

We did this because the perception of digital risk was purely associated with the ICT of the organisation.

Since 2014 and the Target hack, C level execs, boardroom members, owners, and managers, realized that digital risk was bigger than they expected and the departments that they had relied on to secure their organisations were not, in fact, doing the job to the expected level.

Definitely not their fault, there were a couple of reasons for this, the first being that they relied on people who were more focused on keeping the lights on, making the technology work, than securing the environments.

The other was whenever they, the ICT department / managed service provider tried to secure the business environment, and they would have done regularly, they were fighting culture, fiscal and attitude issues that just made it too hard to make the business environment safe.

In this environment most ICT departments / managed service providers resorted to a number of basic strategies.   Let’s get a decent firewall, let’s get a decent AV and let’s make sure that updates are applied.   This is close to 10% of the requirements to secure an organisation.

Digital and cyber risks are now the number one or two risk factors on management minds in today’s business world.

They still do not know how to manage it.

The hardest part is visualization.   How do those risks manifest themselves within the organisation?

No matter the size, the number of people you employ or the amount of money/revenue you make, digital risk can bring your organisation down in some cases literally overnight.   In fact, at the speed of Cyber!

Business management still thinks that ICT departments and managed service companies are the answer.

They are not!

Business security is a whole of business issue with a mantra that cybersecurity is everyone’s problem.   You need a team that crosses all of the lines of communication, from management to coal face.

You need people who understand the bad guys and can attack your system with the same capabilities and vigorous intention, but without the damage.

They need to approach the problem with the same intensity as the bad guys so that vulnerabilities can be exposed and removed, exploit can be counteracted and restricting a breach by monitoring the attack surface.

This will, in the end, make your environment more secure and stable.

You need someone with the right methodology, an understanding that technology is only part of the solution, and the ability to approach the huge problem in a manageable way.

It is only manageable when you address the areas apart from technology.

Why your charity is a great target for cybercriminals

You are doing a great job.   You manage, support a small charity, not for profit organisation and love what you do.

Your primary focus is to get as much done for your charity.   It could be donations, volunteers or grants but all for your primary charity focus.

Your whole role is to make sure that as much money goes through to the people in need.

Now I want you to step back and answer a couple of questions.

  • What would happen to all those good intentions if you got hacked?
  • How many of your supporters would you lose if you got hacked?
  • What would happen to your reputation if you got hacked?

But, it would not happen to you, would it?

Let me tell you a not so secret secret!

You are a target!

Maybe not a target of a full-blown black hat attack but you are a target none the less.  The analogy that I use is “what is the chance that a black belt martial arts person is going to beat you up?” Probably very remote!

When it comes to a cyber event, the black hat attacker is not the problem.

The problem is the hugely available and easy to use automated systems that are available for any person with an inclination to use them.

These automated systems create malware, deliver it, track it, monitor it, manage the stages of an attack and manage and control the money being made.   All a “ hacker” has to do is be willing and ethically capable and pull that trigger.

The risk to your charity organisation is significant.

Our attitude to the digital world as it is just a tool and anyone can use it is having a huge negative impact on business because it is not.

I can guarantee that your charity has a board, it has used a legal company for the structure and has an accountant to look at the books, but the most essential component of the organisation is what you put into the digital world.

From desktop computers to smart devices and cloud-based systems and services, the digital world is all around us.

We treat it like the normal world, that is bad.   Theft in the real world is seen and actioned, in the digital world, it is not.   I could have access to all of your data and you may not even know it is happening.

You need to talk to a MBSSP to bring your organisation to a level where your business security will protect the organistion, the data, the users but most importantly your clients, volunteers and supporters.

Without them you cannot function as a charity, and all your good intentions will disappear.

The best way to find out how vulnerable to a cyber event your organisation is.   Use the CareMIT Digital Diagnostic Tool or come to one of our regular quarterly “Security Board Meetings