Managing Security Threats In An Organization

Date: Wednesday, August 06, 2014

Mumbai-based Mahindra Special Services Group (MSSG), a strategic business unit under the Mahindra Group, is a leading corporate security risk consulting firm that helps organizations reduce risk and enhance competitive advantage.

The ubiquitous spread of digital devices in the networked age has radically transformed the business and marketing landscape. New-age technologies such as mobile, social media, analytics and cloud computing are coming together to change the way in which companies connect and communicate with their stakeholders, be it employers, customers or business partners. But this paradigm shift is forcing decision makers to reevaluate the IT risk domain. While this domain is dynamic, the various complexities associated with technology and low awareness among people have increased security threats over the past few years.


Business models that are evolving due to the rapid shift in technologies, business and IT outsourcing, online commerce and cloud computing have increased a company's exposure to risk and to cyber crimes such as data leakage, data theft, phishing and online fraud.


Sensitive or proprietary corporate data stored on a cloud or on hardware can be instantly disseminated over the internet, shared on social media or captured on personal smart devices. In short, with a growing number of channels and platforms, classified corporate information can easily travel around the world with the simple click of a button. Hence, it is essential for the CIO to be aware of the rapidly evolving breadth and depth of risk, and of the immediate need for effective countermeasures.


A decade ago, the CIO was merely a support mechanism for the company, but today he is a strategic support who often serves as a catalyst for corporate growth. In the current age, the role of the CIO is integral to the organization's business objectives. By harnessing technology, the CIO can streamline operations, save costs and even impact market performance. However, it is also imperative for CIOs to stay a step ahead to ensure the safety, integrity and security of growing volumes of sensitive data.


Though there are multiple security measures that a CIO can take, a key challenge is the creation of a risk-conscious culture that cascades throughout the organization. With complex security threats, organizations need to implement controls across every department and process, such as marketing, HR, finance, sales, R&D and others. This is a daunting challenge due to the behavior pattern of the organization's management. Senior management is of the perception that security risks can be addressed by technology solutions alone, forgetting that technology is just an enabler. And the compliance regime adds to this belief.


The mantra of compliance, monitoring and reporting is a tool that can greatly reduce security risks. The CIO must campaign for a risk management framework, with policies, guidelines, accountability and ownership well defined. This must cover people, process, technology and governance requirements. These processes and procedures must be sustainable and repeatable, as well as removing personal dependencies.


Today, the evolving digital landscape clearly calls for an in-depth analysis of IT risks, especially around the key trends of cloud computing, big data, analytics and cybercrime, as well as various internal risks and corporate strategy threats. At all times, an organization should be prepared not only to cope with risks and undertake reactive damage control, but also to prevent incidents from occurring in the first instance.


While it is good to have an in-house team to handle risk mitigation, the depth and breadth of security issues, spanning areas like process, people and technology, mean it will be useful to partner with agencies that have relevant skills in attack and defense.