Applying attack risks to business data! Financial juggling 101

Cyber security is no longer a case of someone else’s problem. It is looming as the number one concern of small and medium business and not for profit organisations. Well, that is what it should be, but it never seems to get into the public spotlight; it is always hidden by things like carbon tax, mining tax and the latest football scores. There are so many more things that organisations seem to want to talk about. Hey, I understand that we are in business to make money and the more successful you are the more money you make. At what cost?

When I go to a web site / e-commerce site to spend my hard-earned loot I expect to be able to trust that site, and I expect that the site will have the integrity to protect MY personal information.

Now in a lot of cases the understanding of the business is that they will give me best effort. Sorry but best effort is no longer the currency of business. I have a very high expectation that when I put my credit card information and personal details into a web site that they will treat it the same way that I do.

So where do my expectations and the organisation's capability fail? In most cases it comes down to understanding how to implement better business security, in others it comes down to actually spending some money, in some cases any money at the right level of the security pyramid.

Security implementation is one of those subjects that, when it gets to the board level, you can see the shuffling of feet and the surreptitious looks across the table. It is not something that is embraced at the board level because in most cases the board members have little or no understanding of the implications or ramifications of a security leak.

In today’s world, one lapse, one breach, one mistake can not only cost you your business, it can cost you your personal reputation, it can cost you that coveted place on the board and in some cases can cost a substantial amount of money.

So that is a breach and your data has escaped! What happens if you upset someone like “Anonymous” and they do a DoS attack on your primary income stream? Your e-commerce site is off line for 24 – 36 hours; how much do you lose in money, lost sales and reputation? So there are 2 attack vectors that we have discussed so far; there are many more.

Protecting your organisation and business in cyber space is definitely like juggling: keeping all those balls in the air takes effort, time, understanding and money, and it takes very little to let one little ball drop. Like dominoes, sometimes that dropped ball will lead to a total breakdown in the system.

The problem is that cyber security is not about spending large amounts of money, it is more about getting the basics in place and then systematically working forward to the right outcome. Yes, it can be expensive, but like most business change, that expense can be tapered with better and improved ways of doing business.

So there you have it: cyber security 101. Are my expectations too high, or should I accept best effort? Either way it is about time that small and medium business and not for profit organisations looked at cyber security in a new light. We have to make it hard for the cyber criminals so that they cannot penetrate anyone or they go away and try to attack someone else.

Roger Smith is an educator, teaching students at ADFA (UNSW) and showing them how vulnerable they are to cybercrime.

He is also CEO at R & I ICT Consulting Services Pty Ltd, an Amazon #1 author on Cybercrime and founder of the SME Security Framework. He is a Consultant who specialises in inexpensive and highly effective security strategies for small and medium businesses and not for profit organisations.

He has developed and authored the SME Security Framework and the Security Policy Training Course, which are considered to be the definitive guides to helping SMEs protect their organisation using the principles of Technology, Management, Adaptability and Compliance.