EXECUTIVE SUMMARY:

Making risk management mistakes can potentially result in irreparable harm to organizations; from intellectual property loss, to monetary losses, to reputational damage. Although your organization likely has a strong cyber security framework in-place, see if any of these risk management mistakes resonate. If so, limit any potential problems as soon as you can.

Variable visibility and monitoring. Organizations that rely on a large collection of best-of-breed solutions often have trouble getting comprehensive visibility into systems. Integrations between systems tends to be imperfect and IT staff or data analysts may spend a large quantity of time “translating” data from one solution’s metrics to another metrics type; as to have comparable data sets.

Organizations can maneuver around this minefield by opting for a consolidated cyber security solution. A consolidated solution provides a single-pane-of-glass through which administrators can gain granular, uniform insights into logs, enabling improved overall management of risk. In the event of a breach, it’s crucial to know exactly which systems have been affected and where to start the remediation process.

Zipping past zero-trust. While no employee wants to be the victim of credential theft, the occasional credential theft incident has been known to occur. And when it does, your organization needs to be ready. Zero-trust access policies provide employees with corporate access levels necessary for productive work, but no unnecessary permissions. As a result, lost credentials are less likely to mean severe compromise for your organization.

Bypassing email security. Ninety percent of cyber security attacks start with a malicious email. In 2020, the number of phishing attacks doubled worldwide, with nearly every Microsoft Office 365 user seeing at least one threat attempt. Ensure that your organization has email security that can catch sophisticated email-borne attacks; protecting employees from malicious files, URLs and phishing across email, collaboration apps, the web, the network and the endpoint.

Not noticing your endpoints. Back in the day, organizations focused on the perimeter and adopted a “secure the castle” approach. However, technological advances have upended the utility of this strategy. These days, adversaries commonly concentrate on systems’ endpoints. Ensure that your organization owns a cyber security solution that secures data at rest, in use, and in transit on endpoint devices and that allows for continuous endpoint monitoring.

Slacking off on security testing. Elite paratroopers test parachutes ahead of deployment and organizations with a strong cyber security risk management program also test systems, tools, policies and procedures ahead of relying on them in emergency situations. For example, organizations are generally advised to test incident response plans before an attack hits. As a table top exercise, it’s easy to iron out the wrinkles in communication and remediation procedures, potentially limiting downtime and data breach costs in the event of a real attack.

Skipping the incident response plan. The Ponemon Institute has shown that nearly 77% of IT professionals lack an incident response plan. However, “If you fail to plan, you are planning to fail,” said famed US politician, innovator and scientist Benjamin Franklin. An incident response plan provides clear-cut and step-by-step instructions to follow in the event of a cyber security incident.

Incident response plans should include a list of roles and responsibilities for the incident response team members, information about who to contact under uncertain circumstances, details about tools and processes that can help reduce attack damage, and explanations of how to ensure workforce continuity. Incident response plans are typically organization-wide.

In summary

Risk management mistakes can cost your business time, money, its reputation, jobs and more. It pays to pay attention to whether or not you might be making any risk management mistakes. Address potential risk management issues quickly in order to avoid threats and corresponding consequences.

For more information about risk management, see Cyber Talk’s past coverage. Also, discover more cyber security insights and analysis when you sign up for the Cyber Talk newsletter.