CMLP 2.8_English: Cyber Security Incidents

Cyber-attacks can cause significant and protracted disruption to operations and, in compromising or acquiring information, have the potential to severely damage an organization’s reputation. While, historically, cyber-attack risk and the focus of security approaches have been associated with critical national infrastructure, governments and financial institutions, cyber-attacks are increasingly agnostic, and no organizations or sectors are immune. Cyber security poses significant challenges for organizations. Attackers are diverse, ranging across hacktivists, those carrying out acts of espionage, disgruntled former employees, organized and opportunist criminality, extremist groups. Attackers also employ a wide range of tactics to exploit vulnerable points within an organization’s security architecture, albeit the attack ‘vectors’ are typically similar: social engineering, malware, hacking. In some cases, the threat may be compounded by the distributed nature of an organization’s operations. For those who work globally, and where their people necessarily work in areas where fundamental network security may be weak, alongside a diverse range of partners and counterparts, and where the reliance on mobile devices and wireless communications, vulnerability to cyber-attacks is greatly increased. The ability of organizations to demonstrably protect themselves from cyber-attack is of central importance to their reputation for sound management and governance.