Evaluating Your Risk: A Hazard Analysis Process is Key to Focusing Resources on Risk Reduction
At the recent tech fair on the LTx data center campus, infrastructure subject matter experts presented on various data center and cloud issues. George Giangi of Preparedness Consulting offered a presentation entitled “Assessing Your Organization’s IT Risk Profile.” The following are some of the highlights of George’s helpful and informative presentation.
Human Error Causes Breaches: The 2022 Verizon Data Breach Investigations Report indicated that the human element is a substantial cause of data breaches, while ransomware is topping the list of attack types. Neither finding is a surprise, and both are in line with other studies in recent years. The study found that employees are seven times more likely to make a mistake than to engage in a malicious act. 80% of breaches involved some form of human element, and use of stolen credentials remains the highest threat vector.
Isolate Your Cyber Vulnerabilities: What can an enterprise’s technology decision-makers do to protect themselves? George suggested evaluating all the potential cyber vulnerabilities. Risk factors include phishing, ransomware, website hacks, data breaches, vendor-related security events, server loss, and other potential risk events.
Hazard Analysis is Critical: George issued a challenge by asking “how prepared is your facility for IT hazards?” He introduced a process of hazard analysis for ascertaining how prepared your facility is for IT hazards.
A well-constructed hazard analysis can identify the IT risks that the facility is prone to experience. Hazards can be ranked based on probability, consequences, facility response capability, offsite response capability, and detection time. The analysis allows you to arrive at a risk score for each hazard.
Proper Focus of Talent and Budget: Risk scores from the hazard analysis allow you to focus your talent and budget on areas of greatest vulnerability. By working on protective measures and workaround procedures, you can quickly and effectively reduce the risk for those hazards before moving on to the next. Questions to ask about each area include:
· What can you do today to prevent the hazards from occurring?
· What can you do today to accelerate detection time of the individual hazard?
· What can you do today to better respond to the hazards?
· What can you do today to better recover from the hazards?
IT Vulnerabilities in the Crosshairs: Another area of potential risk is IT vulnerabilities. These include employee cyber practices, the organization’s security patch update practices, and data backup practices. The company’s password policy is always worth evaluating, along with the use of corporate laptops offsite by employees, particularly with so many more employees working offsite than was the case years ago. Understanding your ability to detect a cyber attack is also a worthy exercise, as is an IT gap analysis.
Big Steps Toward Determining Your Organizational Risk Profile: Think of the knowledge you’ll obtain by taking these steps. The process will yield a much higher understanding of your organizational risk profile, your strengths, and what you must work on.
More information: For more information or for an introduction to George Giangi of Preparedness Consulting, please email us at sales@directltx.com