Wednesday, June 5, 2019

Security Threats in Businesses

security department Threats in BusinessesMusa Hajara MuhammadIntroductionThe business environment is becoming a fast paced globalized economy that depends on randomness and info carried via open channels. As a business disposal, it is critical to maintain and protect both physical and virtual property that is being owned against intruders, potential difference theft and another(prenominal) acts that could cause loss of any form. Dominos, for example, one of the biggest pizza delivery participation faced a massive data breach where customer selective information was made public, hence resulting in loss of sales and customers. In todays global, digital world, data rules. Safeguarding intellectual property, financial information, and a friendships reputation is a crucial part of business strategy. With the number of threats and the sophistication of oncomings increasing, safeguarding becomes a formidable task.Businesses, both small and big are under massive attacks by extern al agents in order to get credit card information and other confidential data which can be boast a negative impact on the growth of the business. However, this credentials threats are not limited to attacks from the outside, but as well as from within the firm (BusinessSecurity, 2013).A new-made survey shows that 80% of certificate breaches are caused by insiders- most often employees, more than 20% of attacks on the merged WEB sites come from the inside, almost 30% of companies, experience more than 5 attacks from the inside every year. However, it has also been argued that having too much security department may affect business processes. gibe to Cowan (2012), while thither are various security solutions to help protect businesses from potential reputational or financial damage, a heavy investment in business security solutions may have a counter-productive impact on the business. It can affect the corporate culture, flow of information and operational processes, leading t o inefficiencies and productivity loss (Cowan, 2012). On the other hand, being too permissive can have the same result, with employees able to access, share, lose or damage sensitive data too easily (Cowan, 2012).According to Cowan, business security needs to be tailored to each business depending on their respective risks and business objectives, that is, Security measures moldiness neither be so restrictive that they affect business processes, nor too relaxed and thereby causing harm (Cowan, 2012). The key is to weigh up all the risks and vulnerabilities, potential consequences and controls, and then decide which information summations to protect and which can be accessed and shared openly without major consequences. Following a risk-based approach testament lead to business growth and spending the right-hand(a) amount of season and money on the right train of protection in the right areas (Cowan, 2012).As a result of the negative issues of security threats to businesses, ma ny an(prenominal) companies today are adopting a corporate security strategy. Corporate securityidentifies and effectively mitigates or manages, at an early stage, any developments that may threaten the resilience and act survival of a corporation. It is a corporate function that oversees and manages the close coordination of all functions within the keep caller-out that are concerned with security, continuity and safety (Wikipedia, 2010). Core components of corporate security includes personal security, physical security, information security, corporate governance, compliance and ethics program, crime prevention and detection, fraud deterrence, investigations, risk management, business continuity, and crisis management (Wikipedia, 2010). While it takes effecting time planning to implement, Bordoloi (2012) argues that developing an effective governance approach to corporate security results in five basic outcomesReduced risks and potential business impacts to an acceptable train Strategic alignment of security with the enterprise strategy and the organizational objectivesBusiness value generated through the optimization of security investments with organizational objectivesPreserved and increased grocery store share due to the reputation for safeguarding informationEfficient utilization of security investments that support organizations objectives.Also Adhering to a good corporate security policy can assist senior management to help them make decisions and then pass the essential actions to those in management positions. Al-Awadi Renaud (2008) argue that implementing an effective security solution can be complex and time consuming, stating that while it can slow a firm growth due to the resources involved, it is the key strategy for the sustainability of a firm in the 21st century. Al-Awadi Renaud (2008) identified five key factors for the successful implementation of a business security strategy. They include awareness and fostering, budget, management support, entropy Security Policy Enforcement and Adaptation and organization mission.Critical success factors for security policy implementationDhillon (1999) argues that, organizations must have ongoing education and training programs to deliver the goods the required outcome from the implementation of an information security policy. The 2002 security awareness index report cited by McKay (2003) concluded that organizations around the world are failing to make their employees aware of the security issues and the consequences. Hone Eloff (2002) explain that the behaviour and attitudes of employees towards information security will be more in line with secure behaviour if top management demonstrates concern, therefore it is suggested that the tone of security is set by the attitudes of those at the top of the organization (Hinde, 1998). heed wont act to support the information security unless they can see that it supports the organizations core business function (Blake, 2000). Hence they must be convinced of the importance of information security before they will to provide sufficient budget, and act to enforce the information security policy (Von Solms, 1999). Also, Bjorck (2002) describes budget as the financial facility which low gearly rationally estimates the costs and second assesses the access required to the resources to achieve successful implementation of information security. Organizations require adequate funding (Doherty Fulford, 2005) to achieve effective information security. Budgets generally depend on the manner in which individuals investments translate to outcomes, but the impact of security investment often depends not only on the investors own decisions but also on the decisions of others (Anderson Moore, 2006, p.612 ). Lack of information security budgeting in organizations leads to under- investment in appropriate controls (Dinnie, 1999).Moreover, Fung et al. (2003) explains that a good security policy is the keystone to a sustai nable business growth. There is no doubt that the adoption of a security policy is the initial measure that must be in place to belittle the threat of unacceptable use of any of the organizations information resources. And lastly, Siponen (2001) explains that in terms of security, organizations usually do nothing as great as nothing goes wrong, but when things do go wrong, they suddenly pay attention and a lot of effort is required to recover from the situation, even though sometimes full recovery is impossible. Some of the experts said that the organizations clear goals and objectives are essential in implementing security policies and that having a culture of secure information in the organization will affect its success.Conclusion teaching is knowledge, and knowledge is power. Businesses are beginning to understand the need to demonstrate to customers that their information is being handled securely, especially in the fallible of numerous data breaches such as the NSA scandal. When customers are aware that the information a firm possesses about them is highly secured, they tend to build confidence in such a firm, and invest even more. What has been discovered from the analysis above is that firms that are concerned about security are more likely to carry through both internal and external threats posed to them. However, due to the complexity of implementing these security initiatives, certain schools of thought are of the opinion that it may take firms concerned with security time to grow. These thoughts have led to the emergence of security analysts, data managers, network and security engineers, and other security personnel who specialize in safe guarding company data and information from various mishaps.In recent years the amount of money pumped into security firms around the world simply goes a long way to reiterate the fact that firms are getting keener about security investment. $15 million pumped into Cylance, $23 million into EndGame, and a whop ping $50 million into FireEye are a few from the several investment deals reached with tech security companies. (Bryon Acohido, 2013).Investing in security can cost a company a large amount of its resources, but not adequately investing in securing its most valuable asset, which is information can cause a company to totally shut down in the case of any data exposure or loss. Alpex Consulting Africa Managing Director, Joseph Kibe, in Kenya said,Organizations have lost a lot of data and there must be a lot of losses incurred because of customers data being thrown away when information leaks to the wrong hands. The economy has to wake up and secure this informationif you walk into an insurance firm, a bank, or a hospital, is your information secure? That is what will determine who makes it For a successful security policy, organizations must institute security policies to prevent unauthorized access to their resources. Steps must be taken to ensure that employees get the required aware ness and security training to make them aware of the security issues and the consequences of insecure behavior. Moreover, the results suggest the ethos of security must come from the top of the organization to encourage a serious attitude from employees and an antepast that they will comply with the organizations security policy rules and regulations.A point worthy of note is that, for a firm to think about security in the first instance, it must already have a decent amount of presence over the internet. This alone, can make a company gain more good and recognition due to its global presence. Most security breaches occur in the most developed of countries, and this is because of the level of advancement in technology, and also sophistication in cybercrime. A country who is just at the developing stage seldom experiences high level of security mishap. This goes a long way to say that the level of development in a country can be directly proportional the amount of cybercrime that o ccurs in that country.Implementation of security wont be possible if a sufficient budget is not allocated. Clear organizational mission statements and goals result in positive employee behavior and positive attitudes towards securing the organizations information assets. Just like a car, building, or machine, information is an asset, and the most valuable in this era of information technology. Safeguarding such a valuable asset will in no way slow down the growth of a firm, but set it apart from its adversaries.ReferencesBordoloi, C. (2012) 5 Benefits of Proper IT Security disposal URL http//www.enterprisecioforum.com/en/blogs/cj-bordoloi/5-benefits-proper-it-security-governance Accessed (23/06/2013)Bjorck, F., 2002. Implementing Information Security Management Systems An Empirical Study of Critical Success Factors.Wikipedia (2010) Corporate Security URLhttp//en.wikipedia.org/wiki/Corporate_security Accessed (23/06/2013)Dhillon, G., 1999. Managing and Controlling Computer Misuse. Information Management Computer Security, Vol. 7, No. 4, pp. 171-175.Doherty, N. F. and Fulford, H., 2005. Do Information Security Policies Reduce the Incidence of Security Breaches An Exploratory Analysis. Information Resources Management Journal, Vol. 18, No. 2, pp. 21-39.DeviceLock (2012),Corporate security risks of the insiders attack URL http//www.devicelock.com/articles/detail.html?CODE=corporate_security Accessed (23/06/2013)Business Security (2013) Understanding Business Security URLhttp//www.businesssecurity.net/ Accessed (23/06/2013)Cole, E (2010) Importance of cyber security to protect your business URL http//www.securityhaven.com/specialiser/cyber-security-for-business.html Accessed (23/06/2013)Hone, K. Eloff, J.H.P. 2002. What makes an Effective Information Security Policy. Network Security, Vol. 20, No. 6,pp. 14-16.Fung, P., Kwok, L. Longley, D. 2003. Electronic Information Security Documentation. Australian Computer society,Vol. 21.Dinnie, G., 1999. The Second Annu al Global Information Security Survey. Information Management computersecurity, Vol. 7, No. 3, pp. 112-120.Hind, S. 2002. Security Surveys Spring Crop. Computers and Security, Vol. 21, No. 4, pp. 310-321.McKay, J. 2003. Pitching the Policy implementing IT Security Policy through Awareness. SANS Institute.Von Solms, R. 1999. Information Security Management Why Standards are Important. Information Management Computer Security, Vol. 7, No. 1, pp. 50-57.

No comments:

Post a Comment

Note: Only a member of this blog may post a comment.