Many organisations wrongly believe that cyber security is costly. It’s worth remembering that the cost of putting in place appropriate security measures is far less than the price you’d pay to repair the damage caused by a cyber attack.
Customers are at the heart of every business. All our planning and decisions are designed to meet customer service objectives.
However, organisations today are very different from those of 30 years ago in terms of the activities they carry out, which means the risks they are exposed to, and how they mitigate those risks, have changed too. Cyber attacks harm businesses both directly and indirectly.
How do cyber-attacks affect the customer experience?
When customers interact with a website or a mobile app but are unable to carry out a task or transaction, it damages the service provider’s reputation. Frequent or repeated issues will mean your customers turn towards the competition.
To quote Benjamin Franklin: “It takes many good deeds to build a good reputation, and only one bad one to lose it.”
Why do attacks take place?
Attacks can now be custom-ordered for as little as $400. Websites of national interest and those of financial institutions and governments are targeted to cause revenue loss, for personal gain or to damage the organisation’s reputation.
How do attacks take place?
Distributed denial-of-service (DDoS) attacks, in which so many requests from bots are sent to a website or server that it can no longer process them, are growing in popularity and are aimed at disrupting services.
GitHub, the popular code-sharing website, was knocked offline for a few minutes just a couple of months ago in what was one of the world’s largest DDoS attacks to date.
Such attacks can make an organisation’s systems inaccessible, disrupt communication lines and force its website offline. This in turn would affect customer service levels and productivity and damage the organisation’s reputation.
In such situations, keeping interested parties informed of what is happening is vital. You should clearly explain what caused the disruption, how it was discovered and the action taken to avoid a similar incident.
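Discovering a DDoS burst early is what makes the explanation above possible. The following is an added illustration, not code from the original post or from IT Governance: a small detector that reads web-server access-log lines, counts requests per one-second window, and distinguishes a flood from many client addresses (the distributed pattern described above) from a single noisy client. The log lines are constructed sample traffic using documentation address ranges, and the thresholds (50 requests per second, 10 distinct sources) are assumed values that a real deployment would tune to its own baseline.

```python
import re
from collections import defaultdict
from datetime import datetime, timezone

# Apache "combined"-style access log line; only the client address and timestamp are needed.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<req>[^"]*)" (?P<status>\d{3})'
)


def parse_line(line):
    """Return (client_ip, datetime) for one access-log line, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    ts = datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z")
    return m.group("ip"), ts


def find_floods(lines, window_seconds=1, max_requests=50, min_sources=10):
    """Group requests into fixed windows and flag windows whose request count exceeds
    max_requests. A flagged window is marked 'distributed' when the requests come from at
    least min_sources distinct client addresses (the DDoS pattern), as opposed to one
    noisy client that ordinary per-address rate limiting would already absorb.
    Thresholds are assumed example values, not recommendations."""
    requests = defaultdict(int)
    sources = defaultdict(set)
    for line in lines:
        parsed = parse_line(line)
        if parsed is None:
            continue  # malformed or non-matching line: skip rather than crash on real logs
        ip, ts = parsed
        window = int(ts.timestamp()) // window_seconds
        requests[window] += 1
        sources[window].add(ip)
    floods = []
    for window in sorted(requests):
        if requests[window] > max_requests:
            start = datetime.fromtimestamp(window * window_seconds, tz=timezone.utc)
            floods.append({
                "window_start": start.isoformat(),
                "requests": requests[window],
                "sources": len(sources[window]),
                "distributed": len(sources[window]) >= min_sources,
            })
    return floods


def build_sample_log():
    """Constructed sample traffic (documentation address ranges, not real clients):
    a handful of normal requests spread over a minute, then 120 requests within a
    single second from 40 different addresses, which is what a small DDoS burst
    looks like in the log."""
    fmt = '{ip} - - [10/Oct/2023:13:55:{sec:02d} +0000] "GET {path} HTTP/1.1" 200 512'
    lines = [fmt.format(ip="203.0.113.5", sec=s, path="/") for s in (1, 9, 17, 25, 33)]
    for i in range(40):
        for _ in range(3):
            lines.append(fmt.format(ip=f"198.51.100.{i + 1}", sec=40, path="/login"))
    return "\n".join(lines)


if __name__ == "__main__":
    for flood in find_floods(build_sample_log().splitlines()):
        print(flood)
```

Run as-is, the script reports one flagged window at 13:55:40 with 120 requests from 40 sources and `distributed` set to true; the five ordinary requests fall into their own windows and are ignored. The distinct-source count is the useful part for the incident write-up: it tells you whether a per-address rate limit would have helped, or whether upstream filtering by your provider is the appropriate mitigation.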
How can such attacks be avoided?
Planning and investing in security while overhauling your IT infrastructure should be a top priority. Devices must be tested using penetration testing programmes and have inbuilt or programmed protection capabilities against known attacks.
Furthermore, you should consider implementing an ISO 27001-compliant information security management system (ISMS). An ISMS is “a systematic approach for establishing, implementing, operating, monitoring, reviewing, maintaining and improving an organisation’s information security to achieve business objectives” (ISO/IEC 27000:2016).
It encompasses people, processes and technology, recognising that information security is not just about antivirus software, implementing the latest firewall or locking down your laptops or web servers.
Technology alone is not enough to defend against the evolving nature of information security threats.
Your overall approach to information security should be strategic as well as operational, and different security initiatives should be prioritised, integrated and cross-referenced to ensure overall effectiveness.
An ISO 27001-aligned ISMS helps you coordinate all your security efforts (both electronic and physical) coherently, consistently and cost-effectively.
How can your organisation achieve certification?
IT Governance is the leading global provider of IT governance, risk management and compliance solutions. You can find out more about our services on our website.
- How ISO 27001 can improve information security;
- The benefits of achieving certification;
- How the Standard works;
- What to consider when tackling the Standard; and
- How to overcome the initial implementation barriers.