client login    languages

Cyber Threats: Risks in the Ether

Request A Demo of Our Ethics And Compliance Solution

Cyber Threats: Risks in the Ether

We’ve all seen and heard about “cyber attacks,” companies getting their data systems hacked into or individuals knowingly or unwittingly compromising data security. It’s a real problem that companies must consider in their business plans and activities, from their social media policies to training on protecting a company’s assets to what needs to happen should a data breach occur.

Effectively managing risk in the age of cyber threats is not only a vital part of today’s corporate landscape – it’s also the name of a new white paper from Deloitte. “Risk Intelligent governance in the age of cyber threats” talks about how companies must look at data security from a risk management perspective, in terms of what Deloitte calls “risk intelligence maturity.”

Risks from social media are wide and varied. From an inside-out view, you want to make sure your employees don’t knowingly leak information or disparage your company via a social media outlet. From the outside-in, you also need to apply security measures to prevent loss due to social-engineered cyber attacks by building a strong culture and training on what to look for in social engineered threats.

As the white paper says, “It’s not who gets in but what gets out.” Having a strong cyber security posture that works to prevent unauthorized access isn’t enough anymore . Your must also acknowledge that through other methods, such as social engineering, the wrong people can come to have “authorized” access to your data. Your code of conduct, policies and training can help your employees to be on the lookout for signs of unauthorized access as well as attempts to gain “allowed” access to their personal information.

To get to Stage 3 (“Top-down”) on Deloitte’s of Cyber Threat Risk Management Maturity scale, tone from the top is essential to communicating the importance of protection via your people. It’s not just relying on technology and processes—your employees and partners have to take an active role as well. To get to this mid-point on the scale also requires a standardized level of metrics (such as reporting and analytics) and monitoring.

The Risk Ownership section (the functional level) for Stage 3 prescribes consistent and effective enterprise-wide training and communication to all employees. Here, integrated training with policy dissemination gives employees effective examples of social-engineered attacks while describing acceptable use of company and non-company owned technology and software.

Cyber security is more important now than ever before, and something that compliance officers and IT security folks alike must address.

About the Author

Jimmy Lin, VP, Product Management & Corporate Development. Jimmy leads corporate and product strategies for The Network’s Integrated GRC Solutions. He has over 14 years experience in and around software and technology, from implementing software to analyzing new markets and leading product strategies. Jimmy is a Certified GRC Professional (GRCP). Connect with Jimmy on LinkedIn


  1. October 28, 2014 at 2:43 am

    Excellent article that highlights the major problems in this internet-infused world we live in. Social media attacks have been steadily rising over the past 2 years, which is very alarming.

    Reply »

Leave a Comment

We would be glad to get your feedback. Take a moment to comment and tell us what you think.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>

Awards & Certifications 2013 GRC 20/20 Technology Innovation Award 2013 TAG Top 40 Innovative Company 2012 IABC Gold Quill Award 2012 MarCom Award We self-certify compliance Safe Harbor Safe Harbor Certification SOC 2 Certification