Homework Discussion (250 Words): (Selling Cyber in Your Organisation)
Please outline what angles you might take to convince your senior leadership to invest in a program. Use your organization as an example. Use the lens of Financial, Regulatory, Reputational, and Privacy considerations (or feel free to choose your own considerations if they are applicable). Feel free to draw from the readings.
P.S: The organization name is: KISI
Company Type: IoT Security Company
Answer:
There are many reasons for a company to invest in cybersecurity; some of them are the following:
Financial: Without proper cybersecurity, the organisation may suffer huge financial losses from cyber-attacks focused on stealing important transaction-related information, such as passwords and bank account details of the organisation. Other threats include the loss of confidential data belonging to the organisation itself or its clients/customers, and the cost of recovering data from hard drives affected by ransomware. It may also suffer from attacks organised by its competitors, which may lead the company into huge financial loss.
Regulatory: Due to recent changes in user data protection, organisations need to follow regulatory frameworks such as the EU's GDPR (General Data Protection Regulation). If a corporation fails to comply, it may have to pay a huge fine (4% of revenue), or it may face sanctions from the European Union. Hence we need to invest in cybersecurity to prevent customers' personal information from being exploited by attackers.
Reputational: Any organisation needs to win the trust of its loyal customers. If customers do not trust the organisation because of its record or recent cyber attacks on it, they will not be interested in doing business with it, as most customers are informed about data privacy and the consequences they may suffer due to loss of data. So investing in cybersecurity is very important to keep up the reputation of the company. For these reasons, nowadays most companies' advertisements include how much they are concerned about users' data and what their plans are to deal with cyberattacks.
Privacy: Investment in cybersecurity is necessary not only for the privacy of customer/client data but also for the privacy of the company. A lot of companies deal with third parties, which poses the risk of cyberattack due to mishandling of the data. In a lot of cases it has been seen that major data breaches were caused by data leaked by third parties. So an organisation needs to identify the critical data it is sharing with third parties and how it can protect that data, either by binding them with terms of use or by implementing different security measures.
Dealing with insider threats: The greatest risk of cyberattack is within the organisation itself: its employees. Employees can be the weak link of the organisation, as they may leak information, share a password, or share confidential data unintentionally; even a minor mistake may later prove to be hazardous for the company. Several attackers use different social engineering tactics to get information out of employees, such as phishing attacks, posing as a new friend to gain important information, clues to guess passwords, etc.
Data leak protection: Being an IoT-based company, we collect a large amount of data from customer devices, which can be helpful to improve our products, design new products, target customers and support other research-related activities. But the exposure of this data may benefit competitors; customers will also suffer because it may contain their private data, and ultimately they may lose trust in the company. Since IoT devices are physical devices, a malicious software attack can cause physical damage: for example, an IoT door may allow attackers into the house without the owner's permission, and they may commit criminal activities.
It is best for the organization to invest in cybersecurity as it is cheaper than the cost to recover from a cyber attack.