Current Cyber Risks
In today’s competitive business world, the importance of the internet and online-based services has grown significantly. Along with the popularity of these services, the risk associated with cyber security has increased substantially in the past few decades. Due to the risk of cyber-attacks, enterprises face the risk of violation of their data, which adversely affects their financial position and reputation in the market. In order to address these issues, corporations focus on implementing the latest cyber security policies in their business structure. The importance of cyber resilience has increased substantially since corporations have to adapt their business structure to ensure that they are able to avoid the key risks associated with their cyber security (Herrington and Aldrich, 2013). In this report, the current cyber risks which affect the operations of an enterprise will be discussed in order to understand the key cyber security risks faced by corporations. This report will take the example of ‘Woolworths Group Limited’, which is listed on the ASX 200, to evaluate how the company can integrate its cyber security structure with resilience protocols to address the key issues associated with cyber security. Examples of various corporations will be discussed in the report to understand how other corporations have integrated their cyber security infrastructure with resilience protocols. Lastly, various recommendations will be given in the report which can be used by enterprises to address the key issues related to cyber security.
There is a wide range of cyber security risks which corporations face while using an online-based infrastructure in their business structure. These risks increase the threats faced by corporations while using their data. Woolworths Group is a major Australia-based organisation which operates in the retailing industry. The enterprise faces risks associated with loss of its data due to the increased risk of cyber-attacks. Cyber criminals focus on finding new ways in which they can attack the servers of the company and collect its confidential data. Cyber criminals use Distributed Denial of Service (DDoS) attacks in order to gain access to the computer systems of large organisations, which results in compromising their computer systems (Biener, Eling and Wirfs, 2015). Cyber criminals attack websites, servers or computer systems of organisations in order to stop them from accessing their data or using their services. Cyber criminals also use malware to hack into the servers of corporations to access their confidential data. In April 2018, Woolworths reported a data crash due to which the computer systems of the corporation situated across the country suffered from a data breach and stopped responding. Woolworths is the third largest enterprise in Australia to have reported this kind of system failure in a single month; the other companies include ANZ Bank and Commonwealth Bank (The Weekly Times, 2018). The system outage of Woolworths shows that the cyber infrastructure of the enterprise is not suitable for protecting its servers and data from cyber-attacks.
Organisations focus on integrating their cyber security infrastructure and resilience protocols in order to promote cyber resilience in the enterprise. Cyber resilience refers to a broad approach which encompasses cyber security along with business continuity management. The objective of this strategy is to defend the corporation from potential cyber-attacks while ensuring the survival of the company during such attacks. The following are various principles and key steps which can be taken in a corporation in order to establish cyber resilience (World Economic Forum, 2017).
- Firstly, the board of the company should take the ultimate responsibility for oversight of cyber risk and resilience. The board can delegate its responsibility to an existing or new committee as well (Linkov et al., 2013).
- The board should have a continuous command of the cyber security issues, and it should receive continuous updates regarding the current threats and trends in the industry.
- The responsibility of a corporate officer should be established by the board to hold that party accountable for managing the cyber resilience infrastructure along with the progress in implementing its goals.
- The cyber resilience infrastructure and its objectives should be integrated with the business strategy which applies to the entire company.
- Defining a quantified business risk tolerance is another key step which the board should take in order to determine the current and future risk exposure faced by the company.
- The management of the company should be accountable for reporting on the cyber resilience process, and they should focus on quantifying and understanding the threats and risks associated with cyber security (World Economic Forum, 2017).
- The plans for establishing and promoting cyber resilience should be established in the company. These plans should be created, implemented and tested by the management, and they should be held accountable for reporting regarding the on-going improvement of cyber resilience plans.
- The board should collaborate with other stakeholders in order to ensure systemic cyber resilience.
- The resilience plans should be reviewed annually by the board, and the review must be independent to maintain the integrity.
- Periodical review of the cyber resilience plans and their effectiveness is the key for continuous improvements in these programs.
Integration of cyber security and resilience protocols
Based on effective compliance with these provisions, the corporations can establish integration between cyber security and resilience protocols. By integrating these factors together, the company can implement cyber resilience which assists it in addressing the cyber security risks faced by the firm.
The importance of cyber resilience has increased rapidly among organisations with the growing threat of cyber-attacks. In order to protect the confidential data of corporations, boards of directors are getting serious about the cyber security infrastructure of their companies. The board is taking the responsibility to be involved in the process in order to promote cyber resilience in the company. The boards of various leading corporations are taking the responsibility to improve their cyber infrastructure in order to address their cyber security issues and protect their data from cyber-attacks. PepsiCo is a good example; the company is a global brand which operates in the beverages and food processing industry. The company has taken the decision to put cyber experts on its board to increase the involvement of the board of directors in promoting cyber resilience procedures. This decision is focused on taking the appropriate measures which the corporation is required to take in order to ensure that its data is protected from violation (Damouni, 2014). Recently, the enterprise was involved in a controversy regarding an advertisement which offended people. Due to this advertisement, the corporation also suffered from cyber-attacks which were targeted at leaking its confidential data in public.
However, due to its effective cyber resilience infrastructure, the enterprise was able to address these risks, which assisted in protecting its data from cyber-attacks. Google is another leading company which operates in the internet, software, and computer hardware industry. It is a leading brand which offers its services across the globe, including a search engine, a smartphone operating system, a web browser, and others. The company takes its cyber security seriously, and it continuously focuses on taking appropriate measures to improve its cyber security infrastructure. A recent study has shown that almost 90 percent of Google users are vulnerable to cyber-attacks due to a lack of security integrations (Outlook, 2018). Thus, in order to address this issue, Google is focusing on improving its cyber resilience policies, which are focused on improving the safety of the company and its users. The board of the company gets involved in the procedure of forming strategies for improving the cyber security of the company. Recently, the corporation has introduced the new version of its popular mobile operating system, called Android Pie, which has brought new security features for its users to protect them from cyber-attacks.
Due to an integrated system, Google is able to use its services to increase the security of its users. For example, the company has improved its web browser, Chrome, and introduced new security features for its users to protect them from malware (Guthrie, 2018). Cyber criminals are able to hack into users' data while they are browsing the web; thus, the security measures taken by Google ensure that the users are protected from malware which could breach their data. Due to these security patches, Google is also able to ensure its own cyber security, which enables the enterprise to offer its services to the public effectively. Nike is another leading organisation which operates in the apparel, accessories, and sports equipment industry, and it offers its services across the globe. The company takes its cyber security very seriously, and it focuses on taking appropriate measures to ensure that its data is protected from breaches. As per cyber resilience principles, the board of Nike focuses on encouraging other stakeholders in the company to contribute to the success of the cyber security infrastructure of the company. The board has asked its employees to ensure that they take appropriate measures to ensure the security of the computing infrastructure of the enterprise (Brettman, 2015). Based on the integration with its employees, the enterprise is able to promote its cyber security infrastructure, which ensures its security.
Examples of best practice
Based on the above examples, it can be seen that corporations which implement effective cyber resilience policies are able to ensure that their data is protected from cyber breaches. Thus, integration of cyber security with resilience protocols has become a key requirement for corporations. Woolworths Group has faced various cyber security related issues in the past, and the organisation is required to promote cyber resilience in the company. Based on effective compliance with these principles, the corporation would be able to avoid system outages in the future while at the same time ensuring that its data is not breached by cyber criminals. The following are various recommendations which can be used by companies to ensure that they integrate their cyber security infrastructure with resilience protocols.
System hygiene
Firstly, Woolworths Group should establish a proactive and systematic procedure which is focused on promoting cyber resilience in the company. The objective of this project is to maintain a standard of system hygiene which is focused on promoting cyber security in the company. The board of the company should get involved in this procedure, or it should delegate its responsibility to an existing or a new committee which has expertise in this field (World Economic Forum, 2017).
Developing a plan
By effectively establishing a systematic procedure, the enterprise will be able to ensure that it becomes familiar with the key issues faced by the company. In the case of Woolworths Group, the key issues are associated with ensuring the cyber security of the company and its customers (Karsai et al., 2017). After identifying the key security threats and issues faced by the company, it will be able to establish key future goals for ensuring the cyber security of the enterprise. Based on these future objectives, Woolworths Group will be able to develop a plan for integrating the cyber security policies with the principles of resilience protocols. The plan should identify the key security threats of the enterprise, and it should be focused on taking appropriate measures to address such issues.
Mapping a risk profile
After developing the plan and establishing the key threats and challenges, the corporation is required to study cyber patterns and develop attack modes (Cybenko, 2017). Based on the evaluation of these factors, Woolworths Group will be able to develop a tailored approach in the organisation which is focused on achieving the cyber resilience goals of the enterprise. By mapping the risk profile, the corporation will be able to protect its assets from cyber-attacks. Since Woolworths Group is a global brand, the company is required to establish an integrated structure which addresses the key security issues faced by the enterprise while managing its operations globally. The customer data which is collected by Woolworths Group from its supermarkets should be transmitted safely, and this should be the priority of the company. Furthermore, the confidential data of the enterprise is at risk too, and thus it should also be protected.
Assessing and measuring the impact
The corporation is required to focus on the rough figures which it has collected during this procedure to develop future business strategies. These figures do not have to be precise, but they give Woolworths Group a proper estimate of the key issues which it faces relating to its cyber security.
Mitigate risk
Based on the evaluation of the key risks faced by Woolworths Group, the company will be able to mitigate such risks by establishing a cyber-resilience program. The corporation is required to increase its cyber security budget to ensure that it is able to take appropriate measures while mitigating the key cyber security risks which are faced by the company. Currently, DDoS and malware attacks are two of the most common cyber-attacks which are faced by the enterprise.
Cyber insurance
The corporation should obtain cyber insurance to provide contingent capital for ensuring that it is able to protect its data in case it is lost. In case the company faces a cyber-attack and loses its data, the cyber insurance will protect the company from being financially incapable of managing its operations. The cyber insurance also assists the company by providing specialised assistance, which is crucial in case an event relating to a cyber-attack occurs.
Beginning the procedure
After fulfilling the above-mentioned requirements, the corporation is required to form a rough plan and start taking steps towards promoting cyber resilience. Based on compliance with these steps, Woolworths Group will be able to improve its cyber security while at the same time protecting its data from breaches.
Conclusion
From the above observations, it can be concluded that the importance of cyber resilience has increased substantially since corporations focus on taking appropriate measures to protect their cyber security. Currently, companies face cyber issues such as DDoS attacks, malware and data breaches which affect their operations. In order to address these issues, the corporation is required to integrate its cyber security infrastructure with resilience protocols by complying with various principles. Examples of PepsiCo, Google and Nike are discussed in the report to understand how they use cyber resilience policies to protect their data and customers' information from cyber-attacks. Various recommendations are given in the report for Woolworths Group, such as system hygiene, developing a plan, mapping out risks, assessing and mitigating the risks, and cyber insurance, which can be used by the corporation to promote cyber resilience in the organisation. By effectively complying with these policies, Woolworths Group will be able to initiate a cyber-resilience policy in the organisation which assists it in addressing the cyber security challenges faced by the company.
References
Biener, C., Eling, M. and Wirfs, J.H. (2015) Insurability of cyber risk: An empirical analysis. The Geneva Papers on Risk and Insurance-Issues and Practice, 40(1), pp.131-158.
Brettman, A. (2015) Nike pushes security, wants employees to ‘Keep It Tight’. [Online] Available at: https://www.oregonlive.com/playbooks-profits/index.ssf/2015/10/nikes_pushes_security_wants_em.html [Accessed on 5th August 2018].
Cybenko, G. (2017) Metrics of cyber resilience. Cyber resilience, pp.26-38.
Damouni, N. (2014) Exclusive: U.S. companies seek cyber experts for top jobs, board seats. [Online] Available at: https://www.reuters.com/article/us-usa-companies-cybersecurity-exclusive-idUSKBN0EA0BX20140530 [Accessed on 5th August 2018].
Guthrie, G. (2018) Google amps up its fight against cyber attacks in the new version of Chrome. [Online] Available at: https://www.consumeraffairs.com/news/google-amps-up-its-fight-against-cyber-attacks-in-the-new-version-of-chrome-071618.html [Accessed on 5th August 2018].
Herrington, L. and Aldrich, R. (2013) The future of cyber-resilience in an age of global complexity. Politics, 33(4), pp.299-310.
Karsai, G., Koutsoukos, X., Neema, H., Volgyesi, P. and Sztipanovits, J. (2017) Simulation-based analysis of cyber resilience in cyber-physical systems. Cyber resilience, p.131.
Linkov, I., Eisenberg, D.A., Plourde, K., Seager, T.P., Allen, J. and Kott, A. (2013) Resilience metrics for cyber systems. Environment Systems and Decisions, 33(4), pp.471-476.
Outlook. (2018) Almost 90% Of Google Users Are Vulnerable To Cyber Attacks: Report. [Online] Available at: https://www.outlookindia.com/website/story/almost-90-of-google-users-are-severely-vulnerable-to-cyber-attacks-report/307230 [Accessed on 5th August 2018].
The Weekly Times. (2018) Woolworths data crash follows ANZ and CommBank system failures. [Online] Available at: https://www.weeklytimesnow.com.au/news/national/woolworths-data-crash-follows-anz-and-commbank-system-failures/news-story/52a4d115308ac0c795db6a385dda91bb [Accessed on 5th August 2018].
World Economic Forum. (2017) Advancing Cyber Resilience: Principles and Tools for Boards. [PDF] Available at: https://www3.weforum.org/docs/IP/2017/Adv_Cyber_Resilience_Principles-Tools.pdf [Accessed on 5th August 2018].