This post was originally published here by UpGuard.
Technology and Information
How much digital technology is required for your business to operate? Unless this document has traveled back in time, the chances are quite a lot. Now consider how much digital technology your vendors require to operate. The scope of technology grows quickly when you consider how vast the interconnected ecosystem of digital business really is. But digital business isnāt just about technology, itās about information. For many companies, the information they handle is just as critical as the systems that process it, if not more so.
Both technology and information bring great value to business. Technology enables wider reach, faster operations, global scale, and process automation. Information allows for analytics, which in turn enables companies to better understand their customers, their products, and their workāāāin short it enables understanding. But along with this value, technology and information also bring risk to business. Servers failing, the network going down, the website malfunctioning, the order database getting lost or corruptedāāāthe list of the ways technology failures can interrupt business goes on and on. But even more dangerous are the risks associated with information. Data breaches can expose sensitive customer information, proprietary business information (trade secrets), information gathered and aggregated for analytics, or corporate operating information such as emails and internal documents. Each of these types of information brings great value to the company, but if exposed to the internet or taken byĀ attackers, can bring the entire company down instead.
Business andĀ Trust
This is because businessesĀ run on trust. The relationship between a business and its customers is one grounded on the mutual trust that each party will fulfill their end of an agreed upon deal. For todayās digital businesses, this is also trust that information provided by (or gathered on) individuals will be safeguarded by the business so it canāt be used for any purposes other than those agreed to by the individual when he or she established a relationship with the business.
When this trust is broken, the image of the business as a single entity, the brand, is tarnished, sometimes irreparably, in the eyes of the customers. The business has failed to uphold its end of the deal, allowing the information granted to them in confidence to be accidentally exposed to untrusted third parties. To avoid this fate, businesses who rely on technology and information must start accounting for the risks they present. We call thisĀ cyber resilience.
Whatās happened soĀ far?
But what does all of this mean in the real world? If youāve been following the news in the last decade, you probably already know. The disparity in scale between the simple misconfigurations that can leave information exposed and the potential consequences of those misconfigurations canāt be overstated. Letās examine a recent example where a minor operational oversight led toĀ global consequencesĀ and see howĀ cyber riskĀ is created and how itĀ affects organizations.
Ā
