Thursday, July 31, 2014

In Cyber Security — You Snooze, You Lose

  • Spring of 2007- Estonia is brought to a standstill as ping floods and DDoS (distributed denial of service) attacks crash the websites of the parliament, banks, ministries, and media. The level of sophistication of the digital onslaught is unprecedented.
  • Titan Rain- Code word for one of the biggest cyber-espionage cases in history, it refers to a series of coordinated attacks labelled an Advanced Persistent Threat. Hackers infiltrated computer networks for years and stole ‘classified’ data from Lockheed Martin, Sandia National Labs, NASA...
  • Heartbleed- A malicious bug that attacks vulnerabilities in OpenSSL encryption software to steal logins, passwords, and secure keys. It affected the servers of the world’s most popular sites — Google, Facebook, Pinterest, Instagram, Yahoo!, etc. Most worryingly, it impacted mobile (iOS + Android) devices & hardware. The full extent of its damage is unknown.

I wish the above were from a film script titled, Dark Dawn over Cyberia. But these are real, reported incidents. Even more alarming is that cyber-attacks are getting stronger, bigger, faster, sneakier, and stealthier.
Cyber-crime costs the world economy up to $575 billion per year, according to a McAfee-CSIS report. Across continents, it erodes the GDP of countries and undermines technology, innovation, employment, trade and reputation.

Everyone Online Is at Risk

For banking, insurance, military, and healthcare companies, cyber security is a lifeline. But in today’s hyper-connected world, it’s not just the regulated industries that are exposed to danger.
Most of us work in always-on, social business environments. Our day-to-day spans geo-locations, time zones, and technologies. We log in to several social networks on different devices, access data from various websites and servers, and collaborate with people worldwide in real time. Truth be told, we are constantly at risk. And here’s the really scary part:

Being Prepared Is Best Practice

According to The Economist’s Cyber Incident Response Report, 75% of businesses have suffered a security incident in the past two years. While that usually causes loss of productivity and business-critical data, it’s only the tip of the iceberg.
The damage is doubled if the story gets out and snowballs into a full-blown PR and media crisis. Makes sense why 57% companies prefer not to report breaches, unless legally required.
It’s the loss of control, customer confidence and, occasionally, brand equity that makes cyber security a top priority. More than IT, it is now business strategy. Given the unpredictability of cyber-attacks, however, 100% prevention is a pipe dream.

Failing to Plan Is Planning to Fail

Risk mitigation is our best defence. Awareness, education, and understanding are our best weapons against cyber-crime. Prepare to shield your business:

I.   Strategy

Make security a part of your digital strategy. Design an Attack Response, Remedy, and Recovery Action Plan. Include what-if scenarios, what to do, who to contact, etc. Share it with all in the organization. Should a breach occur, have a contingency policy ready with a detailed crisis management and damage containment process.

II.   Personnel

Despite installing protection software, most incidents are picked up by alert staff. It is imperative to have a dedicated team of cyber watchdogs to ensure security across the enterprise. Train employees to consider vigilance a virtue with regular risk assessments, virtual scans, and security drills woven into workflows.

III.   Infrastructure

Investing in reliable enterprise social software is an important step in averting an online security crisis. Using a cobbled set of standalone, consumer-grade tools can create problems of non-compliance and expose your company to many risks:
  • Multiple individuals with admin-level access to social media pages
  • Access management in multiple places (i.e. within each individual network) making account adds, moves, and changes inconvenient and prone to error
  • Inability to enforce review and approval of messages prior to posting
  • Poor or no auditing ability; lack of archiving capabilities; limited or no automated scheduling
  • Incompatibility between new-old versions; separate upgrades for every piece of the puzzle
On the other hand, a holistic, enterprise-grade social relationship platform from a security-certified vendor provides robust data architecture and a secure work environment through:
  • Ability to monitor, moderate, and enforce controls at scale
  • Configurable user-based roles linked to your organization’s active directory
  • Embedded ‘intelligent’ routing and workflow approvals
  • Automated reviewing and compliance processes
  • Smarter monitoring of risks via volumetric & influencer-based alerts, and a ‘kill switch’
  • Enterprise-level security protection (SOC 1 + SOC 2 Type II SSAE16 certifications)
When choosing an enterprise technology partner, use this checklist to ensure the highest standards of compliance and risk management:

For more information on managing / mitigating risks, download the enterprise guides to 

social compliance

social governance,

and crisis management.

Sprinklr CEO, Ragy Thomas on how brands can cope with risk and ensure compliance.

About the author:
amar trivedi social business strategyAmar Trivedi is a Management Strategy Consultant with international experience in Marketing and Communications across cultures, markets and brands. Passionate about helping companies achieve success via social business, he advises leadership teams to deploy social technology to build collaborative relationships, leverage content marketing, and create memorable customer experiences. A blogger, copywriter, storyteller, speaker, Amar champions fun, creativity and happiness in the workplace. He tweets as himself @Mr_Madness

This post was originally published on Sprinklr Experience Management Blog.