This post is also available in: עברית (Hebrew)
If you are a manager of a company, you should know that it is already under attack. Though not your fault, this is certainly an issue you should know how to cope with and answer to. Although cyber security has many technical aspects, it is a business matter like anything else. This doesn’t mean you need to become a cyber expert today, but you will have to have employees that could guide you and direct you through this critical matter.
Many cyber attacks against organizations are possible due to careless maintenance of the information security system. Such behaviour usually occurs since there are “more pressing things to do”, but not necessarily more important ones. Ignoring the relevancy of cyber security to your organization is failing in organizational risk management.
From an inspection made in over 200 companies, it appears that asides from banks and a few more organizations, not many companies keep employees as Chief Inorfmation Security Officer (COSI). The significance of this find is that these companies have transferred handling this field to the information technology team or or relying on a third party.
There will always be urgent expenses and budget cuts that supposedly need to be dealt with beforehand, but not protecting valuable information from computer attacks, which are foreseeable, cannot be considered a practical mangement strategy in 2015. This is just the sort of trap the Office of Personnel Management has fallen into when it became the victim of a cyber attack due to improper maintenance of information system security. That attack exposed over 20 million cocfidential files belonging to former and current U.S. government employees.
Just as every organization knows the saying “Safety comes first”, there must be a way to increase the awareness of organizations to the risks following everyday use of the internet. It’s the same as driving the road, which makes you follow the rules and maintain your vehicle. Much the same, if you want to run an online business, you must be familiar with the risks and follow basic security rules of the field.