Protect your digital assets and govern your cyber risks
Digitalization is a worldwide accelerating trend and represents an opportunity for companies. Indeed, it influences markets, environment, individuals and society. Today, it is easier to start administrative procedures online, to book appointments online or to facilitate business management with enterprise resource planning (ERP) software, but the digitalization goes further. The creation of NFTs (non-fungible tokens) has set the web ablaze. These digital objects such as a video, artwork, image or audio file are associated with a digital identity and attached to one or more owners. In March 2021, the American artist Beeple sold his digital work “Everyday: The First Five Thousand Days” for $69.3 million. Through digitization, humanity has created the 5th dimension: the metaverse, a fictional virtual world. And this frenzy continues when we look at the news. The group NIKE has just bought the NFT-based digital fashion brand RTFKT. Digital assets investments offer new market perspectives and become very interesting for companies.
Therefore, the proportion and value of intangible assets, including digital assets, continue to grow strongly in organizations. It is becoming difficult to assess them, to estimate their value and to protect them.
The existence of multiple digital assets
Cryptocurrencies are not the only digital assets
In the words of Jamie Hopkins, ” So even if you don’t own Bitcoin or another popular cryptocurrency, you likely own a digital currency. And really, digital currencies are just the tip of the iceberg to your treasure trove of digital assets.” At first sight, this statement doesn’t shed some light on the topic.
What Jamie Hopkins means is that we all have a credit card, a customer account or a loyalty card. The rewards offered by a service provider are not insured or guaranteed by the federation, but they do have some value if they are used at the service provider. However, the value of these rewards is not constant and cannot be directly converted into Swiss francs.
Value of digital assets
And that’s only a part of your digital assets. Now let’s talk about your emails, social networks, your company website, your software, the applications you use, which necessarily have a financial value that is determined by supply and demand. If you are a car dealership group, your database contains qualified contacts of craftsmen who have purchased or are interested in a van. This information could interest a tool manufacturer.
Mastering your information security system
Therefore, it’s complex to estimate this value and to evaluate all the digital assets you or your company own. Moreover, the trend of BYOD (Bring Your Own Device) and the use of connected objects are growing in the current epidemic context. It is becoming more and more difficult for IT managers to control their end-to-end information system.
New technology brings us great benefits, but it means our data and applications are now spread across multiple sites, many of them are not part of our organization’s infrastructure. In this complex, interconnected and digitally dependent world, no one can view its security as an isolated issue. Thus, if processes to manage them or governance are not put in place, your digital assets will be exposed to cyber-attacks.
Cyber risks threaten your digital assets
The consequences of cybercrime
An underground cybercrime economy has emerged as we see criminal organizations shifting from their usual activities toward cyber criminality as the cost/benefit becomes more interesting. The professionalization of threat sources has led to increased sophistication of offensive technical tools, some of which are automated and deployed on a large scale for maximum impact, while others are carefully tailored to specific valuable targets and to evade detection and attribution. As a consequence, organizations are more exposed to digital security incidents. It can have far-reaching economic consequences for organizations: disruption of operations, financial loss, lawsuits, legal fees resulting from non-compliance, loss of confidential or personal data, reputational damage, loss of intellectual property or trade secrets, loss of trust among their customers, employees, shareholders and partner
Monitoring your “cyber supply chain”
The increasingly high cyber risk to organizations can go so far as to jeopardize their survival and that of their stakeholders. Indeed, these risks are not limited to the organization alone, but also concern the stakeholders in the value chain with whom they are shared. This is what is called the “cyber supply-chain”. A cyber-attack may affect several companies simultaneously or a company might be used as an entry point to another one.
Set up a mature governance
The challenge of digitalization
Whatever the sector of activity, the size and location, all companies are concerned and must reconsider their business model from the point of view of new technologies. However, they are not equal when it comes to this change. The opportunities and cyber risks are strongly correlated with the sector, the size, the financial resources and the know-how of the company. In fact, an e-commerce reseller will not have the same issues as a construction company, but cyber risks are not inexistent and should not be neglected.
Cybersecurity: a technical subject with economic issue
Cybersecurity used to be only a “technical” subject. Nowadays, Boards are increasingly in need to demonstrate to investors and the public that cyber risks are managed, not only from a technical standpoint but also from a governance and financial perspective. Not to mention that Board members are also becoming personally responsible for such issues. Indeed, the evolution of cyber risk in the organization now commits the responsibility of the executive with regard to its management and treatment and this responsibility is accentuated by regulations. However, the involvement of all employees and stakeholders should not be overlooked as this is the main entry point for cyber issues. It becomes mandatory to be able to demonstrate a mature governance process that gives good insurance on the sustainability of the activities.
Download our white paper to learn more about cyber governance. We’ll explain how to get the best of an information security management system.