Feeds

Q: What does risk mean to you?

The changing face of threat

  • alert
  • submit to reddit

Seven Steps to Software Security

All businesses face risk of some sort. Traditionally, the risks facing organisations have tended to range from incidents such as a fire in a building or production line, or environmental factors, such as damage sustained by flooding or storms. In past years, such physical risks made up nearly 100 per cent of the major risks faced by business.

Today, some feel that the risk of environmental or natural disaster is still important, but they now account for around 70 per cent of the risk faced by business. The remaining 30 per cent comes from non-manmade sources and much of this is accounted for by the changing nature of business.

One area in which business is changing is that it is becoming increasingly global, with companies looking to outsource non-core aspects of their business in order to gain access to lower cost resources. This places many in unfamiliar business surroundings with new risks, including those of government corruption, security and employee safety.

Not only are businesses facing risks from new sources, but new legal and industry-specific regulations are raising the bar on dealing with risk. These include legal regulations such as Sarbanes-Oxley, which places the onus on senior executives to personally vouch for the quality of the business information that it publishes and which looks set to be replicated across Europe, and industry regulations such as the food safety laws that come into effect in Europe in January 2005, which require greater disclosure of the provenance of all materials used in the production of food items right throughout the supply chain. Coming soon, the Basel II capital adequacy accord will force greater disclosure of the risk profiles of banks and other financial institutions.

However, recent surveys show that perceptions of risk vary widely within organisations and what executives care most about in terms of the risks that they face varies widely according to their area of expertise. A survey undertaken by MORI, on behalf of the UK Confederation of British Industries, asked chairmen, CEOs and other senior executives of UK companies about the greatest risks that their businesses face. The results are interesting, but in marked contrast to those released in 2004 by FM Global, a leading insurance and risk management organisation. The respondents to this survey were drawn from the ranks of CFOs and treasurers, risk management professionals, and investment professionals.

In the CBI survey, 57 per cent of chairmen and CEOs indicate that they are particularly worried about IT and computer network security - but this is in direct contrast to the FM Global survey, where just 11 per cent of risk managers, eight per cent of CFOs and treasurers and three per cent of investment professionals in Europe see risks to IT and telecommunications systems as being severe hazards facing their companies. There are differences among the professionals interviewed by FM Global for its 2004 survey - 72 per cent of CFOs, treasurers and risk managers see property-related threats as the most important threats facing their organisations, compared to just 19 per cent of European investment professionals.

Another marked contrast is that very few of the respondents to the FM Global survey view newer threats, such as sabotage or terrorism, as serious risks to their organisations. In contrast, one third of CEOs and chairmen responding to the CBI survey view terrorist action as the type of security threat causing the most worry, and one fifth cite environmental terrorism. Among these respondents, more mentioned the actions of animal rights activists as being a threat than the danger of fire or flood, especially among larger companies.

The greatest difference can be seen in how investment professionals assess the risks facing business. Whereas CFOs, treasurers and risk management professionals are more focused on property-related risks, 81 per cent of investment professionals point to non-property-related risks as being the most important. Within this category, pricing fluctuations were seen as important risks by 46 per cent of European investment professionals and government and regulatory requirements by 17 per cent. For risk managers, these were seen as important by just nine per cent and one per cent respectively.

But the one area in which respondents to both surveys appear to agree is that companies need to spend more on security than they did previously and that security is of such importance that it needs to be put under the supervision of the board of directors. However, many admit that there is still some way to go and the surveys show that doubts remain about the workability of security plans in practice as well as the ability to keep pace with newly emerging threats.

Taken together, these two surveys show that companies are thinking more seriously about security than they did previously, but gaps remain. In addition, some company officers appear to have their heads in the sand with regard to new risks that they face in their operations, including their ability to comply with new regulations. Industry observers such as investment professionals and analysts appear to be more tuned in as to the risks that these regulations pose to businesses. It is time for businesses to wake up now to the threats such regulations pose to their operations - before the first legal cases are tried.

Copyright © 2004, IT-Analysis.com

Related stories

Counting the cost of security training
Business frets over wireless security
Symantec drives security deep into enterprise

Mobile application security vulnerability report

More from The Register

next story
Yorkshire cops fail to grasp principle behind BT Fon Wi-Fi network
'Prevent people that are passing by to hook up to your network', pleads plod
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
NEW, SINISTER web tracking tech fingerprints your computer by making it draw
Have you been on YouPorn lately, perhaps? White House website?
LibreSSL RNG bug fix: What's all the forking fuss about, ask devs
Blow to bit-spitter 'tis but a flesh wound, claim team
Black Hat anti-Tor talk smashed by lawyers' wrecking ball
Unmasking hidden users is too hot for Carnegie-Mellon
Attackers raid SWISS BANKS with DNS and malware bombs
'Retefe' trojan uses clever spin on old attacks to grant total control of bank accounts
Manic malware Mayhem spreads through Linux, FreeBSD web servers
And how Google could cripple infection rate in a second
Don't look, Snowden: Security biz chases Tails with zero-day flaws alert
Exodus vows not to sell secrets of whistleblower's favorite OS
prev story

Whitepapers

Designing a Defense for Mobile Applications
Learn about the various considerations for defending mobile applications - from the application architecture itself to the myriad testing technologies.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Reducing security risks from open source software
Follow a few strategies and your organization can gain the full benefits of open source and the cloud without compromising the security of your applications.
Boost IT visibility and business value
How building a great service catalog relieves pressure points and demonstrates the value of IT service management.
Consolidation: the foundation for IT and business transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.