Customers are not the only ones at risk when cyberattacks happen — cyberattacks cost companies $400 billion every year.
Organizations globally are facing difficulty in protecting their critical infrastructure and in dealing with the complexity of unknown or anonymous perpetrators. Organizations must deal with two “demons” of our time — innovation and technology. I discussed this in my article Security in the World of Wiki-Leaks. The advancements are beneficial to the world, but they also create potential security gaps and vulnerabilities. Therefore, the onus is strictly on security-conscious organizations to prevent, detect, and correct vulnerabilities that might be exploited by threat agents.
Just recently, Bell Canada asked all of its subscribers to reset their passwords because of a cyberattack targeting its customers. Nothing was said about the cost to all stakeholders. While we may not know the absolute costs of such cyberattacks, it’s safe to assume that the damage can be severe. Bell Canada’s security incident is not unique; LinkedIn, Visa, MasterCard, Proton, Google, Facebook, Yahoo, Trump Tower, government agencies, and many others have suffered cyberattacks.
Traditionally, investment decisions were made by measuring an organization’s sustainability and investment viability relative to its profitability (bottom line), but nowadays, in addition to the organization’s prosperity, investors must also consider the state of a company’s cybersecurity and its exposure to threats and hacking. For due diligence and investment protection, here are the ten questions to consider to evaluate the extent of an organization’s vulnerabilities to cyberattacks.
- Does the organization have a comprehensive cybersecurity program?
- Are all IT-related applications and systems up to date?
- Does the organization have resources dedicated to IT/IS security?
- Has the organization aligned its cybersecurity policies with the overall corporate business objectives?
- Has the organization invested in security in proportion to its risk exposure and tolerance?
- Is there any record of recent cybersecurity attacks? What was the response by the management?
- Does the organization have a comprehensive cybersecurity policy?
- When was the last time an audit was carried out on the cybersecurity compliance, and what were the findings?
- Have the executives and senior management prioritized the cybersecurity program, with evidence of sufficient funding and organizational structure?
- Is there an executive position for the security leader?
First, depending on the size of your investment, consider hiring a cybersecurity expert to investigate past cybersecurity attacks, or to assess the likelihood of imminent cyberattacks, threats, or vulnerabilities that might jeopardize your investment. Second, equip yourself with at least a basic knowledge of cybersecurity. Third, understand the investment the company is making, or has made, in a comprehensive cybersecurity program and its deployment. Fourth, make time to attend cybersecurity conferences where new threats, global best practices, and solutions are discussed. Finally, remember that your due diligence can never be over-ambitious when your money is at stake.