The presence of companies from all sectors in the network continues to grow. Nowadays, almost any product or service is susceptible to be sold or promoted online , and companies are increasingly aware of the diffusion capacity that can offer and in fact, in 2015 75% of Spanish companies already had a page own web.
Sell online through ecommerce, have a corporate website where to show the main lines of action of a company or have a constant presence in social networks to communicate with their customers are some of the different incursions into the network that have the most Business projects.
The network is already an important part of the commercial and marketing strategy of large and small companies, which manage to increase their visibility or their turnover thanks to a communication channel that only a decade ago was almost unthinkable.
However, the online presence of companies, as well as opportunities, entails new risks, such as exposing themselves to the possibility of suffering a cyberattack.
CALIBRATING THE RISKS OF SUFFERING A CYBER ATTACK
At the same time that we define an online marketing or sales strategy, the companies with presence in the network must also know the risks to which they are exposed by hosting their website on a server, storing their data in the cloud or making economic transactions of the company telematically, among other examples.
The growth of the network as a sales, management or dissemination channel for companies has also coincided with an increase in illegal practices such as cyber attacks or cyber attacks to undermine the image of a company or subtract data and user passwords or confidential information. But do companies have enough mechanisms and prevention systems to protect themselves from network threats?
The certain thing is that, at the same time that a company defines its strategy in the network, it must also include in it the cyber risks that it faces and implement measures to protect it from any cyber attack that, in fact, could suppose an important breach to the online strategy or to the image of the company and even, in very extreme cases, to its own existence.
In this line he deepens the study ” Cyber Risk Appetite: Defining and Understanding Risk in the Modern Enterprise “, prepared by the RSA, the security division of EMC.
The starting point for any company should be the measurement of the cyber risk to which it is exposed. We do not refer only to the most known attacks, in search of data, keys or files, but there are many other risks that can affect the technical infrastructure of the organization.
Probably the companies fix their main attention to the cyber risks that come from outside the company as indicated above.
However, in addition to calibrating all possible external attacks on computer systems and company information on the network, it is also important to know what internal actions may expose the organization to the risk of possible attacks.
We refer, for example, to the error of an employee who leaves a system unavailable, or who converts an encrypted or secure information into vulnerable information and more exposed to external attacks.
We can also consider as internal actions those carried out by companies subcontracted by our organization to manage computer systems, servers, email accounts or information in the cloud, for example. It is important to know all the processes they carry out in order to minimize any risk from outside.