Information Security - Data Breaches and Prevention
Businesses, organisations and agencies suffer badly from security breaches, and as technology improves so the number of incidents increases. The type of incident can be divided into:
- system failure and data corruption;
- infection by viruses or malicious software;
- computer fraud; or
- attacks by unauthorised outsider.
Companies without robust information security management systems in place could suffer one or all of the above incidents, as a result of which they could face heavy financial losses. Attacks are indiscriminate and occur regardless of the size or type of organisation. A report from RAND Europe shows that one in six small businesses have been successfully attacked by hackers, and that banks and financial institutions have been targeted by unauthorised outsiders, leading to weeks of investigations to resolve the issue at a cost of thousands of Euros. Whether an organisation suffers no direct financial losses from the attack, it could end up paying tens of thousands of Euros in compensation following customer complaints behind a DDoS attack or just by resuming normal service, and could continue to suffer significant adverse media coverage for a long time afterwards.
Most of the time the worst security breaches lead to huge financial losses as a result of the loss of assets. Taken from a RAND Europe report conducted in 2013, the table below summarises the costs of all incidences encountered by European companies over the last two years, where costs are estimated up to €4.15 billion.
Cost
|
Minimum cost, €
|
Minimum cost as a % EU GDP
|
Total estimated cost of malicious attacks to SMEs
|
562m
|
0.004
|
Total estimated cost of all incidents (incl. hardware and software failure) to SMEs
|
2.3bn
|
0.017
|
Total estimated cost of malicious attacks on all enterprises except micro-enterprises
|
935m
|
0.007
|
Total estimated cost of all incidents (incl. hardware and software failure) on all enterprises except micro-enterprises
|
4.15bn
|
0.032
|
The absence of a secure ISMS can leave you open to attacks such as cyber threats and data breaches. If you suffer either of these, you could be liable to pay hefty fines and suffer significant brand damage, which would result in a loss of trust between you and your customers/clients.
Recommended reading:
CyberWar, CyberTerror, CyberCrime -Understand the risks of cyber crime and learn what measures you and your business should take.
Download our free green paper on information security and ISO 27001
This green paper contains an overview of Information Security and ISO 27001, the information security standard, and is an ideal read for beginners.
Download our free green paper on information security and ISO 27001 >>
Information Security and Risk Assessments
At the heart of Information Security Management is Risk Assessment.
An information security management system (ISMS) aligned to risk acceptance and rejection criteria is a powerful management tool when coupled with third party certification. Organisations can use risk assessments to detect the potential threats that their information systems face. By completing a risk assessment it is possible to address the risks that have been identified and apply the appropriate controls to reduce the level of risk.
Risk Assessment Software
Completing a Risk Assessment is a central element of the implementation of an ISO 27001-compliant ISMS. However, conducting such a risk assessment is a demanding task without the use of a specialist tool.
vsRisk is a custom-built software tool designed specifically to guide your organisation through the risk assessment process requirements of ISO27001.
vsRisk automates the risk assessment process, helping you to identify, analyse and control the risks you face.
Find out more about vsRisk and download a free trial version of vsRisk >>
You may also be interested in: