Majority of organisations seem to believe the above statement. They do not believe they have data that can be of any importance to attackers, some actually thought a security breach cannot affect their businesses operation. They believe as long as they have their data backed up somewhere, they can always restore their info and continue operations.
Their systems and solutions are built around functionality, their most concern is for the systems to be up 99.999% of the time, running smoothly without a glitch. While this is intrinsically important for the business operations, the security posture of these systems are equally important. The awareness in information security is rapidly evolving and organisations are waking to up the realizations that cyber attack is not a dark myth from the underworld of scruffy geeks and nerds, it is an imperative challenge that arrived with the new age of information technology. Despite all these awareness programs and training, most businesses do not give much consideration to information security. They seem to believe financial organisations and governmental bodies that deal with ‘sensitive’ data are at risks, this drives them to adopt complacent approach to security if at all any.
Businesses need to realize the threat of cyber attack is not limited to organisations that process or store ‘sensitive’ data, attackers are not just motivated by financial greed or criminal activities. There are several organisations with even non profitable operations being attacked; political organisations, charities, environmental bodies and so on. Motives for taking down or compromising systems by attackers varies, hacktivists are out there propagating their agenda by attacking various organisations with opposing views to theirs, there are business competitors taking their competitions away from the traditional campaigns and adverts by resulting to lunching cyber attacks at their competitors, stealing trade secrets, undermining business operations just to name a few. Businesses claiming not be faced by any of the issues above may believed it is free of cyber attacks, well that is not entirely true. This is because your system can be recruited to be an accessory to cyber attacks, attackers can use your network as a pivot point to lunch various attacks on their targets; this is usually done for several reasons but a major reason is to evade capture by attack investigators. After a security breach, attack investigators make use of discreet information left behind by attackers to track them, by leveraging another network as a springboard for their attacks it will be more challenging for investigators to truly narrow down the source of attacks.
Information security is a concern for every organisations, it should be an intrinsic aspect of business processes and operations. It should not be adopted with a peripheral approach or just an extension of the IT department. The increasing awareness is certainly one of the ways to ensure these are realized.