The security risks of taking a stand
Organisations face increasing internal and external pressure to take public stands on issues unrelated to their core business. Examples include a broad range of social, political, and global events, which seldom involve the business directly. While the merits or flaws of organisations engaging in sociopolitical discourse are arguable, the fact that doing so creates security risks is undebatable. The question is, how should chief information security officers (CISOs), chief information officers (CIOs), and other security leadership deal with the inevitable risks that arise from their company taking a public stand?
When an organisation chooses one side of a divisive topic, it inevitably alienates those who strongly disagree. Segments of the organisation’s customer base, employee pool, and professional connections will become disenfranchised.
Their disappointment with the organisation, when expressed in a healthy manner, may lead to people berating the company on social media, employee resignations, or calls for boycotts. When expressed in an unhealthy way, there is a risk that individuals or external organisations may decide to take direct action against the company through many means, including data exfiltration, denial of service, spamming or voice phishing. In fact, in 2019, The Times of India reported that ideological cyberattacks were outpacing physical attacks.