Virtually all cyber exposure programs today are directed at addressing the cyber exposures an organization faces from its own resources and activities and from outside sources. This is necessary but not sufficient.
Why? Because most organizations also face secondary cyber exposures that they are neither aware of nor prepared to address. For example, many organizations do not manage or own their own properties but inhabit facility space managed by someone else. That someone, generally a building manager, is responsible for facilitating building services (HVAC, elevators, water, sewage, electricity, and the like). Most of these building managers are investing heavily in various devices and systems, commonly grouped under the Internet of Things (IoT), to allow them to be more effective managers, all with an eye to improving their costs and providing improved performance to their clients. Unfortunately, if building managers do not pay attention to the IoT-related cyber exposures of their buildings, the buildings will become targets of cyber predators. The implication is that if such an attack occurs, the occupants of their facilities will suffer a disruption that they were unaware was even possible and for which they are unprepared.
So what should you do? The following are some suggested steps:
i. critical secondary exposures – those which, if an event occurred, would materially affect your organization,
ii. moderate secondary exposures – those which would affect your organization but not materially,
iii. modest secondary exposures – those which would only affect minor aspects of your organization's operation,
iv. nominal secondary exposures – those for which, even if a cyber event occurred, the impact on your organization would be minimal.
If you want to have a secure cyber eco-system, you need to care about your secondary cyber exposures and have a program underway to address them, or suffer when the unexpected occurs.
If you are concerned and would like more information on secondary web exposures, contact us at firstname.lastname@example.org
[i] We are using the term ‘business partner’ to mean your suppliers, vendors, customers, financiers, bankers, sub-contractors and the like: anyone with whom you interact and on whom you depend for your organization to operate.