SEC 6060 Week 1 Discussion

School: Wilmington University
Course: 6060
Subject: Information Systems
Date: Jan 9, 2024
Uploaded by Admys

As per my understanding, cyber risks or cyber threats have been the fastest-growing major threats to businesses, their data, and their financial success today. As technology evolves and changes, cybercriminals use it to infiltrate organizations and steal their data and assets. Cyber security risk, or cyber threat, is the possibility of loss or damage arising from the information or communication systems of an organization. Cyber-attacks and data breaches are two examples of cyber risks that are frequently reported. The consequences include loss of data or currency (including theft of intellectual property), loss of performance, and reputational damage.

Why is Cyber Security needed for an organization?

Cybersecurity is making sure your organization’s knowledge is safe from attacks from both internal and external bad actors. Every organization should implement a set of technologies and practices that are used to protect networks, computers, programs, and data from unauthorized access. The main goal of a cybersecurity strategy is to ensure confidentiality, data integrity, and availability. A cyber security governance and risk management program should be implemented that is appropriate to the size of the business. Cybersecurity risk should be considered as a significant business risk by management. and reputational risk with appropriate measurement criteria and controlled and managed outcomes.

Recent Cyber Incident’s Impact on Company Revenue, Profit, and Brand:

A recent supply-chain attack targeting a zero-day vulnerability in Kaseya’s remote monitoring and management software had a major impact on multiple managed service providers (MSPs) and, downstream, on their customers who outsourced their IT operations. The impact led over 60 MSPs and 1000 businesses in 17 countries using the on-premise Kaseya platform to immediately shut down their servers due to the proliferation of ransomware.

REvil, the cyber crime group, claimed responsibility, asking for a $70M USD ransom paid in bitcoin. Although the immediate impact on Kaseya’s revenue and profit is unknown, the reputation of Kaseya’s platform has certainly been damaged. Kaseya often comes as part of a comprehensive Managed Detection and Response (MDR) solution from MSPs, and now many managed service providers are likely considering other software to perform the remote management and monitoring (RMM) of their on-premise network devices.

In addition to the impact on Kaseya’s brand, 800 grocery stores in Sweden and local governments in Maryland who used Kaseya were also victims of the ransomware attack. With the average grocery store making approximately $38,000 a day, a one-day closure of 800 stores would cost $30M to the Swedish supermarket company alone. The attack’s broad reach led the White House to hold meetings discussing a more global response to the Russian-based criminal group.

Differences, Similarities and Overlap within BCP, DR and IR:

Business Continuity Plan: A plan to maintain continuity in the enterprise operations in any circumstances.
Disaster Recovery: A plan for having access to required resources or data and infrastructure after any disaster.
Incident Response: IR is an attempt to quickly identify an attack, mitigate its impact, prevent damage, and eliminate the cause to reduce the risk of future incidents.

What BCP, DR and IR have in common is that they are proactive strategic measures and plans implemented in an organization to counter disasters, emergencies, and unplanned events. As soon as an incident occurs or is imminent, the organization is ready, and its primary processes and operations will not be affected during the occurrence of the incident.

The difference is that a disaster recovery plan is implemented as soon as an incident has occurred and aims to restore all information systems and infrastructure, while business continuity is a general plan that always ensures that business processes continue unaffected during and even after an unfortunate incident. In general, incident response allows your organization to handle an incident. During the incident, business continuity will keep your business going, while disaster recovery builds the recovery process to get it back to a normal situation.

The overlap among these three is the way that they are related: one can be used as a component of another. Moreover, incident response and disaster recovery are sometimes considered key components of a business continuity plan.

References:

Business Continuity vs. Disaster Recovery: 5 Key Differences. (2021, April 26). UCF Online. https://www.ucf.edu/online/leadership-management/news/business-continuity-vs-disaster-recovery/

Cybersecurity Is Critical for all Organizations – Large and Small. (2022, July 28). IFAC. https://www.ifac.org/knowledge-gateway/preparing-future-ready-professionals/discussion/cybersecurity-critical-all-organizations-large-and-small

Perlroth, N. (2021, September 2). Kaseya, the tech Firm hit by Ransomware, gets the key to unlock its customers' data. The New York Times. https://www.nytimes.com/live/2021/07/22/business/economy-stock-market-news#kaseya-ransomware-decryptor

What is Cyber Risk? Definition & Examples. (2021, November 10). SecurityScorecard. https://securityscorecard.com/blog/what-is-cyber-risk-definition-examples

Whittaker, Z. (2021, July 6). Kaseya hack Floods hundreds of companies with ransomware. TechCrunch. https://techcrunch.com/2021/07/05/kaseya-hack-flood-ransomware/