The security risks of taking a stand
Organisations face increasing internal and external pressure to take public stands on issues unrelated to their core business. Examples include a broad range of social, political, and global events, which seldom involve the business directly. While the merits or flaws of organisations engaging in sociopolitical discourse are arguable, the fact that doing so creates security risks is undebatable. The question is, how should chief information security officers (CISOs), chief information officers (CIOs), and other security leadership deal with the inevitable risks that arise from their company taking a public stand?
When an organisation chooses one side of a divisive topic, it inevitably alienates those who strongly disagree. Segments of the organisation’s customer base, employee pool, and professional connections will become disenfranchised.
Their disappointment with the organisation, when expressed in a healthy manner, may lead to people berating the company on social media, employee resignations, or calls for boycotts. When expressed in an unhealthy way, there is a risk that individuals or external organisations may decide to take direct action against the company through many means, including data exfiltration, denial of service, spamming or voice phishing. In fact, in 2019, The Times of India reported that ideological cyberattacks were outpacing physical attacks.