Secondary Cyber Exposure - What is it and should you care?

Virtually all cyber exposure programs today are directed at addressing the cyber exposures an organization faces from its own resources and activities and from outside sources. This is necessary but not sufficient.

Why? Because most organizations also face secondary cyber exposures that they are neither aware of nor prepared to address. For example, many organizations do not manage or own their own properties but occupy facility space managed by someone else. That someone, generally a building manager, is responsible for facilitating building services (HVAC, elevators, water, sewage, electricity, and the like). Most of these building managers are investing heavily in various devices and systems, under the common category of the Internet of Things (IoT), to allow them to be more effective managers, all with an eye to improving their costs and providing improved performance to their clients. Unfortunately, if building managers do not pay attention to the cyber exposures inherent in IoT in their buildings, the buildings will become targets of cyber predators. The implication is that if such an attack occurs, the occupants of their facilities will suffer a disruption that they were unaware was even possible and for which they are unprepared.

So what should you do? The following are some suggested steps:

  1. Identify where you might have secondary cyber exposures by determining:
    1. Who manages your facilities
    2. What external services you are dependent upon
    3. If your business partners[i] have cyber exposure management programs. Try to determine if they are effective. You might consider asking them to take our cyber exposure toolkit, available at the Global Risk Academy: https://globalriskacademy.com/p/cyber-toolkit. It would provide you with a quick assessment of a building’s cyber exposure program.
    4. If there are dependencies that are not directly under your control.
    5. Determine the potential impact of your secondary cyber exposures
      1. Consider triage to categorize and prioritize your secondary cyber exposures:

        i. critical secondary exposures – those which, if an event occurred, would materially affect your organization,
        ii. moderate secondary exposures – those which would affect your organization but not materially,
        iii. modest secondary exposures – those which would only affect minor aspects of your organization's operation,
        iv. nominal secondary exposures – those for which, even if a cyber event occurred, the impact on your organization would be minimal.

  2. Determine the effectiveness of your facilities' cyber exposure management programs. Once again, you might consider asking them to take our cyber exposure toolkit, available at the Global Risk Academy: https://globalriskacademy.com/p/cyber-toolkit. It would provide you with a quick assessment of their cyber exposure program.
  3. Take appropriate steps to address these secondary cyber exposures.
    1. Work with your business partners to improve your protection against cyber exposure.
    2. Get appropriate cyber insurance.
    3. Change your organization to minimize secondary exposures. Consider alternatives.
    4. Ensure you have the necessary legal protections by way of contractual agreements, including liability and indemnification provisions.

If you want to have a secure cyber ecosystem, you need to care about your secondary cyber exposures and have a program underway to address them, or suffer when the unexpected occurs.

If you are concerned and would like more information on secondary web exposures, contact us at info@naganresearchgroup.com

__________________________________________________________________________________

To learn more about cyber exposure management, you might want to join the online Cyber Exposure Management Course Series.

Here are the options:

Option 1. Understanding Cyber Exposure - For Beginners

Option 2. Advanced Cyber Exposure Management

– Part 1 - Identifying Cyber Exposures 

– Part 2 – Cyber Exposure Program Management

Option 3. A Bundle of all 3 courses - 35% off the original price - ...

(most cost effective option)



[i] We are using the term ‘business partner’ to mean your suppliers, vendors, customers, financiers, bankers, sub-contractors and the like. Anyone who you interact with and whom you depend on for your organization to operate.

© 2017 Created by Boris Agranovich.