SPECIAL FEATURE: RISK MANAGEMENT
Risk management 101 for 2020
In its report “Is Business Ready for an Extinction-level Event?”, Deloitte, one of the world’s leading professional services networks, polled a number of high-level executives and senior personnel to find out what they regarded as the greatest workplace risks today.
Almost 65 per cent of respondents put destructive cyberattacks at the top of their list of concerns, supporting Deloitte’s assertion that attack surfaces were growing exponentially in an era of technological transformation and cyber everywhere. With this in mind, “it’s time for senior leadership to modernise risk management programs and solutions to keep pace with the current threats and technologies to incorporate new educational tools, technical solutions and business strategies,” says Deloitte, adding: “A truly viable cyber-resilience program can benefit an organisation’s ability to recover, respond and be ready for a destructive cyberattack.” According to Risk.net, the ten main risk categories for 2020 include IT disruption, data compromise, theft and fraud, outsourcing and third-party risk, resilience risk, organisational change, conduct risk, regulatory risk, talent risk and geophysical risk. Here they are in that order, with interpretations from a range of experts in the various fields.
SECURITY FOCUS AFRICA MAY 2020
IT disruption
In his article titled “Business Disruption in the Digital World”, Steve Schlarman says IT disruption, with its potential to wreak havoc on reputations, finances and operations, is “top of mind for all organisations”. Adds Risk.net: “IT failure has been considered alongside IT disruption, where last year the categories were considered separately. Although the drivers and risk management of the issues are very different, the consequences – the loss of critical services leading to parts or all of an organisation being unable to function – end up looking much the same.”
Data compromise
Data compromises or breaches can occur in a number of ways, according to Kaspersky: employees using coworkers’ computers and accessing files without authorisation, malicious insiders retrieving data with the intention of using it to harm an individual or company, lost or stolen devices containing sensitive information, or malicious “outside actors” or hackers. The latter tend to focus on stealing credentials – the vast majority of data breaches are caused by stolen or weak credentials – says Kaspersky. “If malicious actors have your username and password combination, they have an open door into your network. Because most people reuse passwords, cybercriminals can gain entrance to emails, websites, bank accounts and other sources of personally identifiable information (PII) or financial information.”
Theft and fraud
Risk assessment is the foundation upon which effective anti-fraud and anticorruption processes are built, says Deloitte in its advisory piece “5 Essential Truths”. “Fraud and theft management is no longer about response,” it maintains. “It is now about detection and prevention. Fraud risk management will help align corporate values and performance as well as protect organisational assets, including reputation, (and) internal controls are one of the great fraud deterrents. Implementing a fraud prevention plan requires commitment and also requires the business to provide the right tools and support to its employees.”
securityfocusafrica.com