
Source: 2015 Ponemon Global Cyber Impact Report, sponsored by Aon
In-Depth New Technology, Big Opportunities The benefits of Internet connections are hard to overstate. For businesses, the Internet of Things offers the promise of quantified everything. Employers will be able to track productivity and leverage metrics to uncover new efficiencies. With connected sensors underpinning every square inch of an organization’s footprint — once-siloed data sets can be integrated, correlated and cross-referenced — it will become easier to identify new efficiencies and deliver new value. See Also: Cyber Threats to Watch This Year The benefits are immense – but so, potentially, are the risks. “As we move into having smart workplaces and offices, you’re really talking about a technology backbone that’s driving an organization,” says Stephanie Snyder Tomlinson, a cyber insurance expert at Aon. “What impact can that have on a business? What are the potential losses to an organization if you have a network security breach that results in property damage or bodily injury?” Digital Threats Turn Physical An unfortunate side effect to some of the highest-profile recent cyber breaches is that many people have come to regard cybercrime as solely a privacy issue. It can be far more complex than that. “If there is a failure of network security or systems,” Snyder Tomlinson warns, “there could be a resultant business income loss. It could be intangible loss in terms of loss of data information assets or, especially as we move into relying more heavily on technology and the Internet of Things, it could be tangible loss, as well.” You don’t need to look very far to get a sense of the potential risks to property and other physical assets when the Internet of Things begins to help run a workplace. As organizations grow increasingly dependent on technology to run their businesses and offices, the attack surface for cybercriminals increases dramatically. Each new device represents an additional access point for hackers. The scenarios that could result can sound like something out of a science fiction film:- Does your building have computerized entry or elevator systems, with smartcard keys for access? Hackers could take control and lock down your building, trapping employees and visitors inside.
- Computer-controlled electricity or water supplies can be shut down, rendering working impossible.
- Connected thermostats are becoming increasingly common and could be taken over — shutting off heating in winter or air conditioning in summer, driving temperatures to unbearable levels and making your office unusable.
- Logistics servers managing orders and deliveries could be hacked, with real orders canceled, false orders placed or essential supplies redirected to the wrong locations, disrupting your supply chain.
- Factory robots could be set to destroy rather than create your products.
- HVAC systems in a company data center could be overridden, causing a rise in temperature that could render network servers inoperable.
- Fire alarm systems could be turned off just as real-world arsonists attack.
- Preparation – Identify and quantify your cyber risk exposures. Develop a breach response plan and business continuity plan. Consider taking out a cyber insurance policy, which can assist with the potential balance sheet impact of a breach.
- Practice – Speed of response can be vital to limit damage in the event of a breach. Identify the key stakeholders within the organization and perform a tabletop scenario exercise to ensure everyone knows the role they need to play should an incident occur.
- Execution – Engaging with appropriate vendors is critical to successful execution. An organization should have relationships with defense lawyers, a public relations firm and a computer forensics firm so that a firm can work with it to mitigate loss in the event of a breach.