Cybersecurity and Privacy – What You Need to Know (Post 2 of a Series)
March 05, 2014
By John Fodera, CPA
Understanding Cybersecurity Risks
You already know some of the potential consequences of not having a cybersecurity risk management plan in place: tarnished reputation, deceptive business practice claims, fines and penalties, as well as legal fees. All of these threaten the success of a business and can be alleviated through the development of an effective cybersecurity risk management strategy.
Let’s begin by examining some of the risks and the profile of potential perpetrators.
You will need to identify the risks specific to your business so you can create a cybersecurity risk management strategy tailored to it.
The risk comes from the necessary technology that businesses rely on every day to run efficiently: hosting providers, social media, big data, mobile devices, bring your own device (BYOD), cloud computing and more.
According to the Vocabulary for Event Recording and Incident Sharing (VERIS), the perpetrators trying to get at the information in these technology warehouses fall into the following categories:
- External Actors – government entities, organized crime, lone hackers, former employees
- Internal Actors – employees, independent contractors, interns
- Partner Actors – third-party service providers, vendors, suppliers, hosting providers, outsourced IT support, etc.
In addition, VERIS has reported that attacks occur for many different reasons and each carries its own level of severity:
- Malware – malicious software, scripts, viruses, worms, spyware, key loggers, backdoors, etc.
- Hacking – brute force, SQL injection, cryptanalysis, denial of service attacks, etc.
- Social – phishing, pretexting, blackmail, threats, scams, etc.
- Misuse – administrative abuse, use policy violations, use of non-approved assets, etc.
- Physical – theft, tampering, snooping, sabotage, local device access, assault, etc.
- Error – omissions, misconfigurations, programming errors, trips and spills, malfunctions, etc.
- Environmental – natural disaster, environmental hazards, power failures, electrical interference, gas leaks, chemical spills, etc.
This is a brief overview of some of the cybersecurity and privacy risks your business might encounter and of who might be motivated to perpetrate a security breach, or might even perpetrate one unknowingly. Our next blog will look at effective risk management practices and tools that can be used to mitigate these risks.
Need assistance in determining the cybersecurity risks specific to your business? Contact EisnerAmper’s Consulting Services group.