Understanding Risk in Cybersecurity from Both Organization and Human Perspective

It is important to understand cybersecurity from an organizational and human perspective. The risk that is addressed by cybersecurity can be seen from a big picture (organization), and then narrowed down to an individual (human).

Image-Source: Pixabay

Example: An organization such as Apple deals with a lot of personal data, that is stored on the cloud belonging to both the company itself, and all users of their products such as iPhone, iPad, or the Mac.

If it does happen that the organization is hit by an attack, then the impact will first affect the organization apple, and finally narrowed down to the individual (human) whose data has been stolen from the compromise.

The risk address by cybersecurity from both the organizational and human experience can be understood from:

  1. Privacy Risks:

    The risk impact which may occur from the loss of control over personal data, or even how the data is utilized, in the event of a possible breach by a threat actor. Confidentiality, Integrity or even availability can be affected all at the same time.

privacy-risk_cybersecurity.png

Description: Privacy can be compromised when we access malicious contents.

In 2014 lots of celebrity private pictures which were backed up on the iCloud, was leaked all over the internet. These pictures, might have been of memories or even fun events had during parties, that the celebrities might have kept for just their private view.

However, the compromise resulted into these pictures being leaked online, as the attackers had total control of all the files, the celebrities could not be able to ascertain how the attackers intended to use or where they desire to post these pictures. In this case, we can say the organization apple and the affected celebrities, have lost control over their personal data.

  1. Business Risks:

    This may result in the organization not trusted enough to provide hardened security over user’s data, thereby loosing its customers or even as a result of the disclosure to the public certain organization internal  business policies and information meant to be private. This will or may even affect not just the organization, but also team members working for the company.

Description: Loss of business due to customer loss of trust in the organization's Integrity and security.

In May 2023, Food distribution company Sysco, were hacked. This resulted to over hundreds of thousand data leaked to the public. The breach which consists of not only individuals’ personal data such as social security numbers, but also company’s data related to business operations and their employees.

The company data and employee data stolen from the breach includes information related to business operations, employee’s payroll, account numbers, and social security numbers.  Certainly, this will impact the business as customers turn out would be low, and it will also put the organization in a negative view to the public.

  1. Financial Risk:

    The financial risk resulting from funds stolen by hackers, with credentials and information gotten from the breach. Most common cases are BEC scams (Business Email Compromise), and are common with big organizations.

Also, indirect impacts which may be due to loss of customers confidence in conducting further business with the organization, resulting to low sales or even profit margins. In certain scenarios, the affected customers do sue the organization for lack of due diligence, in protecting their data. 

privacy-breached_by-Hacker.png

Description: phishing attack a common type of scheme commonly used by hackers.

Furthermore individual (human) who have been victims of phishing scams are also impacted by the loss of their savings.

  1. Professional Risk:

    This deals with affected individual careers or even the organization top executive itself due to the negative impact from the cyber-attacks. Cybersecurity engineers are at risk to loosing their job, if a cyberattack occurs under their watch, or if sensitive information about the past of an individual employed by a company gets to the public, the company might end up firing them in other to protect the organizations image.

professional_risk-sacked.jpg

In 2019 IHis Singapore sacked two employees and requested the CEO to pay a financial penalty over the SingHealth app Cyber-attack.  Information’s belonging to over 1.5 million Singaporean citizens were leaked including that of the prime minister of Singapore.  Such compromise did not only put the prime minister at risk, but also that of Singaporean citizens, as this infringed in the HIPAA Act of 1996.

  1. Personal Risks:

    We all have our private lives we do not want to see in the public or show to others. This may range from private conversations, down to even explicit photos between us and our loved ones.

 If such data gets leaked due to a compromise of the storage device or technology by hackers, it may result into damage of relationships or even cause harm to  families or the affected individual. In certain situations, if it is the CEO of a big cooperation, it certainly would impact the organization business image.

Sometime in 2020, the CEO of amazon (Jeff Bezos) private and explicit conversation between his wife’s best friend and him, sparking relationship rumors hit the internet. This brought a lot of tension in his marriage, and eventually resulted into his wife divorcing him.

  1. Physical Risks:

    Cyberattacks on IoT’s, critical infrastructures, and industrial facilities can be dangerous that loss of human lives on a global scale is inevitable. The importance of cybersecurity in protecting human lives cannot be underestimated.

physical-risk_poison.png

On January 15th 2021, it was reported that a hacker tried to poison a water treatment plant, that served part of the San Francisco Bay Area. The hacker used credentials of team viewer account belonging to past employees of the organization, to gain access to the water treatment system.

Upon gaining access to the system, the hacker deleted software programs that is responsible for treating the drinking water. Luckily the hack was detected the next day, and the company quickly changed the passwords and reinstalled the water treatment software application.

 

 

 

Put your comments below in the comment section on your thoughts about this.

Find this article and information helpful? Show some love and support  “Click-Here”
5 1 vote
Article Rating
Subscribe
Notify of
guest
0 Comments
Oldest
Newest Most Voted
Inline Feedbacks
View all comments