Cybersecurity and data privacy have firmly established themselves as a major challenge for executives in recent years. In the past, cybersecurity was a matter of business continuity, finance and reputation; now companies also have to comply with data protection rules (GDPR). The potentially devastating fines that can be imposed under the GDPR have already changed the methods of personal data collection and storage. Companies have begun to use information notices on their websites and in their newsletters.
According to Risk in Focus 2020, businesses today face three main risks: cybersecurity (78%), changes in legislation (59%) and digitalization (58%). Cybersecurity and digitalization have already appeared among the top three risks in the last two years.
Internal audit as a lifesaver
Why it is so important for companies to conduct internal audits regularly:
1) the methods by which actors attempt to breach their targets are constantly evolving and increasing in sophistication;
2) organizations are not fixed or static entities — their so-called perimeter is fluid and continuously growing, as IT infrastructure migrates to the cloud, businesses move into new geographic markets and integrate merger and acquisition (M&A) targets and align their internal control systems, employers agree to “bring your own device” policies, and Internet of Things (IoT) and other digital capabilities are developed and expanded.
As for threat sophistication, one of the new methods is the compromise of customer service chatbots. Bots do increase economic efficiency, but they also bring new cyber threats, so during an audit it is worth testing how they are protected against such compromise. Likewise, cloud services and supply chain security must remain a priority.
However, while cybercriminals are constantly developing new methods, most successful attacks use well-known vulnerabilities. 93% of breaches can be avoided by taking simple steps such as regularly updating software, blocking bogus emails and using email authentication, and training people to recognize phishing attacks.
It’s not as bad as it looks. Cybersecurity can be seen as a profit opportunity. Companies that provide the best security and can respond quickly and effectively to cybersecurity violations can build trust with customers and other stakeholders. This creates value for shareholders. Sometimes it is important to look at a problem from a different perspective.