Security Threats in Businesses

security measure Threats in BusinessesMusa Hajara MuhammadIntroductionThe crease environment is go a fast paced globalized economy that depends on learning and entropy carried via open channels. As a tune transcription, it is critical to maintain and cheer both physical and virtual property that is being owned against intruders, potence theft and other acts that could cause red ink of any form. Dominos, for example, one of the biggest pizza delivery ships caller go more or less a massive data breach where customer information was made public, hence resulting in loss of sales and customers. In todays global, digital world, data rules. Safeguarding intellectual property, pecuniary information, and a companys reputation is a crucial part of c be strategy. With the number of threats and the sophistication of struggles increasing, safeguarding becomes a formidable task.Businesses, both small and big are under massive attacks by external agents in raise to get credit card information and other confidential data which can be thrust a negative impact on the growth of the origin. However, this guarantor threats are non limited to attacks from the outside, exactly also from within the loaded (Business surety, 2013).A new-made survey shows that 80% of trade protection breaches are caused by insiders- most often employees, more than 20% of attacks on the incorporate WEB sites come from the inside, almost 30% of companies, experience more than 5 attacks from the inside every year. However, it has also been argued that having too much credentials whitethorn affect business processes. correspond to Cowan (2012), while there are various security solutions to help protect businesses from potential reputational or financial damage, a heavy investment in business security solutions whitethorn reach a counter-productive impact on the business. It can affect the corporate culture, flow of information and useable processes, leading to inefficiencies an d productivity loss (Cowan, 2012). On the other hand, being too permissive can have the same result, with employees able to access, share, lose or damage sensitive data too easily (Cowan, 2012).According to Cowan, business security needs to be tailored to each business depending on their respective risks and business objectives, that is, Security footsteps essential neither be so restrictive that they affect business processes, nor too relaxed and thereby causing harm (Cowan, 2012). The key is to weigh up all the risks and vuln date of referencebilities, potential consequences and controls, and then decide which information assets to protect and which can be accessed and shared openly without major consequences. Following a risk-based onset leave alone lead to business growth and spending the right wing amount of snip and money on the right take of protection in the right areas (Cowan, 2012).As a result of the negative issues of security threats to businesses, many companies t oday are adopting a corporate security strategy. unified securityidentifies and effectively mitigates or manages, at an archaean stage, any developments that may threaten the resilience and continued survival of a corporation. It is a corporate cash in ones chips that oversees and manages the close coordination of all functions within the company that are concerned with security, continuity and safety (Wikipedia, 2010). Core components of corporate security includes personal security, physical security, information security, corporate governance, compliance and ethics program, crime prevention and detection, ruse deterrence, investigations, risk management, business continuity, and crisis management (Wikipedia, 2010). While it takes effecting time planning to implement, Bordoloi (2012) argues that ontogeny an effective governance approach to corporate security results in five basic outcomesReduced risks and potential business impacts to an acceptable directStrategic alignment of security with the enterprise strategy and the formational objectivesBusiness value generated through the optimization of security investments with makeupal objectivesPreserved and increased market share out-of-pocket to the reputation for safeguarding information good utilization of security investments that support organizations objectives.Also Adhering to a good corporate security policy can assist senior management to help them make decisions and then pass the intrinsic actions to those in management positions. Al-Awadi Renaud (2008) argue that implementing an effective security solution can be complex and time consuming, stating that while it can silent a firm growth due to the resources involved, it is the key strategy for the sustainability of a firm in the 21st century. Al-Awadi Renaud (2008) identified five key factors for the successful murder of a business security strategy. They include awareness and training, budget, management support, tuition Security Polic y Enforcement and Adaptation and organization mission. unfavorable success factors for security policy implementationDhillon (1999) argues that, organizations must have ongoing education and training programs to fulfil the required outcome from the implementation of an information security policy. The 2002 security awareness index report cited by McKay (2003) concluded that organizations around the world are failing to make their employees aware of the security issues and the consequences. Hone Eloff (2002) excuse that the behaviour and attitudes of employees towards information security forget be more in line with secure behaviour if top management indorses concern, therefore it is elicited that the tone of security is set by the attitudes of those at the top of the organization (Hinde, 1998). Management wont act to support the information security unless they can see that it supports the organizations core business function (Blake, 2000).Hence they must be convinced of the i mportance of information security before they will to provide sufficient budget, and act to enforce the information security policy (Von Solms, 1999). Also, Bjorck (2002) describes budget as the financial facility which firstly rationally estimates the costs and secondly assesses the access required to the resources to achieve successful implementation of information security. Organizations require adequate funding (Doherty Fulford, 2005) to achieve effective information security. Budgets generally depend on the manner in which individuals investments translate to outcomes, but the impact of security investment often depends not exactly on the investors own decisions but also on the decisions of others (Anderson Moore, 2006, p.612 ). Lack of information security budgeting in organizations leads to under- investment in appropriate controls (Dinnie, 1999).Moreover, Fung et al. (2003) explains that a good security policy is the keystone to a sustainable business growth. There is no doubt that the adoption of a security policy is the initial measure that must be in place to minimize the threat of unacceptable use of any of the organizations information resources. And lastly, Siponen (2001) explains that in terms of security, organizations usually do nothing as dogged as nothing goes wrong, but when things do go wrong, they suddenly pay attention and a lot of swither is required to recover from the situation, even though sometimes full recovery is impossible. Some of the experts said that the organizations give notice goals and objectives are essential in implementing security policies and that having a culture of secure information in the organization will affect its success.ConclusionInformation is knowledge, and knowledge is power. Businesses are beginning to understand the need to demonstrate to customers that their information is being handled securely, especially in the light of numerous data breaches such as the NSA scandal. When customers are aware th at the information a firm possesses about them is highly secured, they tend to build confidence in such a firm, and invest even more. What has been discovered from the analysis above is that firms that are concerned about security are more likely to survive both internal and external threats posed to them. However, due to the complexity of implementing these security initiatives, certain schools of thought are of the opinion that it may take firms concerned with security time to grow. These thoughts have led to the emergence of security analysts, data managers, network and security engineers, and other security personnel who specialize in safe guarding company data and information from various mishaps.In recent years the amount of money wield into security firms around the world simply goes a long way to reiterate the fact that firms are getting keener about security investment. $15 million pumped into Cylance, $23 million into EndGame, and a whopping $50 million into FireEye are a few from the several(prenominal) investment deals reached with tech security companies. (Bryon Acohido, 2013).Investing in security can cost a company a large amount of its resources, but not adequately investing in securing its most priceless asset, which is information can cause a company to totally shut down in the cutting of any data exposure or loss. Alpex Consulting Africa Managing Director, Joseph Kibe, in Kenya said,Organizations have lost a lot of data and there must be a lot of losses incurred because of customers data being thrown outdoor(a) when information leaks to the wrong hands. The economy has to wake up and secure this informationif you walk into an insurance firm, a bank, or a hospital, is your information secure? That is what will determine who makes it For a successful security policy, organizations must institute security policies to prevent unauthorized access to their resources. Steps must be taken to command that employees get the required awareness and security training to make them aware of the security issues and the consequences of insecure behavior. Moreover, the results suggest the ethos of security must come from the top of the organization to encourage a serious attitude from employees and an lookout that they will comply with the organizations security policy rules and regulations.A point worthy of note is that, for a firm to think about security in the first instance, it must already have a enough amount of presence over the internet. This alone, can make a company gain more benefit and recognition due to its global presence. Most security breaches occur in the most developed of countries, and this is because of the take aim of advancement in technology, and also sophistication in cybercrime. A country who is just at the developing stage seldom experiences high level of security mishap. This goes a long way to say that the level of development in a country can be directly proportional the amount of cybercrime that oc curs in that country.Implementation of security wont be possible if a sufficient budget is not allocated. Clear organizational mission statements and goals result in positive employee behavior and positive attitudes towards securing the organizations information assets. Just like a car, building, or machine, information is an asset, and the most valuable in this era of information technology. Safeguarding such a valuable asset will in no way slow down the growth of a firm, but set it apart from its adversaries.ReferencesBordoloi, C. (2012) 5 Benefits of Proper IT Security validation URL http//www.enterprisecioforum.com/en/blogs/cj-bordoloi/5-benefits-proper-it-security-governance Accessed (23/06/2013)Bjorck, F., 2002. Implementing Information Security Management Systems An Empirical Study of Critical Success Factors.Wikipedia (2010) Corporate Security URLhttp//en.wikipedia.org/wiki/Corporate_security Accessed (23/06/2013)Dhillon, G., 1999. Managing and Controlling information pro cessing system Misuse. Information Management Computer Security, Vol. 7, no 4, pp. 171-175.Doherty, N. F. and Fulford, H., 2005. Do Information Security Policies Reduce the Incidence of Security Breaches An Exploratory Analysis. Information Resources Management Journal, Vol. 18, No. 2, pp. 21-39.DeviceLock (2012),Corporate security risks of the insiders attack URL http//www.devicelock.com/articles/detail.html?CODE=corporate_security Accessed (23/06/2013)Business Security (2013) Understanding Business Security URLhttp//www.businesssecurity.net/ Accessed (23/06/2013)Cole, E (2010) immenseness of cyber security to protect your business URL http//www.securityhaven.com/specialist/cyber-security-for-business.html Accessed (23/06/2013)Hone, K. Eloff, J.H.P. 2002. What makes an Effective Information Security Policy. Network Security, Vol. 20, No. 6,pp. 14-16.Fung, P., Kwok, L. Longley, D. 2003. Electronic Information Security Documentation. Australian Computer society,Vol. 21.Dinnie, G ., 1999. The Second Annual Global Information Security Survey. Information Management computersecurity, Vol. 7, No. 3, pp. 112-120.Hind, S. 2002. Security Surveys Spring Crop. Computers and Security, Vol. 21, No. 4, pp. 310-321.McKay, J. 2003. Pitching the Policy implementing IT Security Policy through Awareness. SANS Institute.Von Solms, R. 1999. Information Security Management Why Standards are Important. Information Management Computer Security, Vol. 7, No. 1, pp. 50-57.