How much digital technology is required for your business to operate? Unless this document has traveled back in time, the chances are quite a lot. Now consider how much digital technology your vendors require to operate. The scope of technology grows quickly when you consider how vast the interconnected ecosystem of digital business really is. But digital business isn’t just about technology, it’s about information. For many companies, the information they handle is just as critical as the systems that process it, if not more so.
Both technology and information bring great value to business. Technology enables wider reach, faster operations, global scale, and process automation. Information allows for analytics, which in turn enables companies to better understand their customers, their products, and their work — in short it enables understanding. But along with this value, technology and information also bring risk to business. Servers failing, the network going down, the website malfunctioning, the order database getting lost or corrupted — the list of the ways technology failures can interrupt business goes on and on. But even more dangerous are the risks associated with information. Data breaches can expose sensitive customer information, proprietary business information (trade secrets), information gathered and aggregated for analytics, or corporate operating information such as emails and internal documents. Each of these types of information brings great value to the company, but if exposed to the internet or taken by attackers, can bring the entire company down instead.
This is because businesses run on trust. The relationship between a business and its customers is one grounded on the mutual trust that each party will fulfill their end of an agreed upon deal. For today’s digital businesses, this is also trust that information provided by (or gathered on) individuals will be safeguarded by the business so it can’t be used for any purposes other than those agreed to by the individual when he or she established a relationship with the business.
When this trust is broken, the image of the business as a single entity, the brand, is tarnished, sometimes irreparably, in the eyes of the customers. The business has failed to uphold its end of the deal, allowing the information granted to them in confidence to be accidentally exposed to untrusted third parties. To avoid this fate, businesses who rely on technology and information must start accounting for the risks they present. We call this cyber resilience.
But what does all of this mean in the real world? If you’ve been following the news in the last decade, you probably already know. The disparity in scale between the simple misconfigurations that can leave information exposed and the potential consequences of those misconfigurations can’t be overstated. Let’s examine a recent example where a minor operational oversight led to global consequences and see how cyber risk is created and how it affects organizations.