Organisations have experienced cyber attacks that include information disclosure, ransomware, financial fraud and compromised IT infrastructure, to name a few. Awareness about data security and data privacy is on the increase in the user and stakeholder community. The increased risk of cyber attacks and the growing expectations from stakeholders, including users and the government, have raised the bar for most organisations. Preventing cyber security incidents, data breaches and other malicious activity has become very important. Ensuring adequate cyber security measures are in place is, however, quite challenging, particularly given the complex environment and opportunities available to attackers. The dynamic and evolving nature of the technology environment makes it difficult for organisation to counter cyber attacks. It is in this context that a risk-based approach to cyber security enables a better understanding of the related risks and strengthens organisations to meet this challenge.

A risk-based approach

A risk-based approach to cyber security identifies and evaluates the possibility of undesirable events that may lead to undesirable or dangerous situations and impacts. The impact and magnitude of these events can be quite diverse. Examples of the differing nature of the attacks and impacts include ransomware attacks leading to cyber extortion, breaches resulting in intellectual property compromise, disclosure of personal information and destruction or manipulation of technology or industrial infrastructure, similar to the Stuxnet incident in Iran’s nuclear plant.

Jul-Sep 2019 Issue