Threat Management for your Business

11 March 2016

How proactive are you at managing threats to your business?

Perhaps you do not have the time, knowledge or personnel to implement all factors that influence their risk profile.

Or, perhaps you don’t pay enough attention to what you have learned from these previous events?

BUT – reducing risk SHOULD matter to you.

Threat Management should help to reduce risk and ensure smooth running of your business

What are you trying to secure? A system? A storage facility? A batch of personal data?

What threats are there out there?

There could be overlap from one industry to another. The airline sector is, for all intents and purposes (and fortunately), quite switched-on when it comes to cyber security. The assumption is, for the most part, the same could be said for other transport sectors. Yet, surprisingly, in contrast to the airline industry, maritime is lagging behind and a source of many cyber breaches.

So does that mean you have to consider all threats regardless of source or target? Well, strictly speaking, no. But you have to at least consider the influence of that threat and its relevancy to your sector.

Being aware of the threat to your sector is a big step to reducing risk exposure.

But - is the source of the threat known? Often not. At least not immediately. Talk Talk’s breach in 2015 was carried out by disgruntled ex-employees and so considered to be an internal attack. But for the most part, the attacker remains anonymous. So, whereas with Talk Talk, those who were tasked with detecting threats were aided by knowing who was attacking and could determine motives and targets. So too, may they be able to look at tactics by the attackers and predict future behaviours more accurately, thereby increasing their security response and avoiding a breach altogether.

Even then, determining a suitable response based on relatively modest information is not going to prevent a breach for long.

Is the target known? IS there an attempt to harm a specific domain or asset? A denial of service (DDoS) or attack on a cloud which holds a case management software system will hit your business hard. But to what degree? Obviously this depends on the level of data compromised. Ashley Madison prided itself on its discretion when encouraging members to enter into extra-marital liaison with others. Thanks to a serious breach, it has become almost a buzz-word for open secrets and breakdowns of relationships.

But as well as the unethical side of cyber security breaches which have become a staple topic within the mainstream this past 12 months, there is a less malicious but still very serious threat to manage:

A compromise caused by, for example, a natural disaster such as a flood or a devastating lightning strike to a vital power unit that provides perimeter security surveillance could result in a threat.

How does the threat manifest itself?Does it use protocols or behaviours that are in use in your business environment?

Realistically, most businesses struggle to keep abreast of all applications and systems in their environment. Most do not lock down the environment to stop new applications or systems from being introduced.

There are always new systems and applications that could be introduced without a cyber security expert being consulted.

But understanding and identifying threat behaviours that are applicable to your environment when taken in tandem with your ordinary daily work task, is an extremely complex and analytical task. Even Nostradamus would struggle to predict a necessary outcome.

Three Graces Legal are accredited with Cyber Essentials

For more information about how we can help you with your threat management needs, please contact us