
Why Should Every Organization Consider Cybersecurity in their Business Strategy?

These days, business operations can't take place without technology and the internet. Businesses must use computer networks and systems to perform their operations. Traditional methods of handling data and doing the job are already obsolete, and workstations are digitalized. An organization's information is being stored in the cloud, and the types of information that organizations collect are increasing. Since technology has become part of business operations, a new strategy means more data, more information and more use of technology.


If the organization is collecting more information and storing the data, then its responsibility to keep that information secure will increase. The organization must understand the current state of its information security and the potential risks to information after implementing the new business strategy. All the technical components, such as hardware, software and network configurations, must be reviewed to identify security issues. A flaw in any one component means a security threat to the critical information.


For example, a business is planning to move into a new country, and to find out about its potential customers it might collect information about them and their interests. The information it gathers from the potential customers is stored in the organization's database. Now, it is the responsibility of the organization to keep that information secure. There is always a risk to the information, and threats are all around us. If we don’t think about security while making plans and strategies, then we might not be able to achieve our goals. An improper security plan will result in the failure of the organization, and this is not a good strategy for running any business.

We should think about the potential security threats and the ways to defend against them before implementing any strategy. Also, the strategies that we implement might create security loopholes in the system. In my opinion, security will influence an organization's strategy and strategy will impact its security. We can't separate the impact of strategy on security from the implementation of strategy with security in mind.

Let’s take the example of a business that only has a physical store, is planning to go online, and has made a strategy to open its own e-commerce website. To run the website, it needs to store client information such as name, address, email, phone number, etc. It also needs to securely process transactions using credit cards or another payment gateway like PayPal. Now, it should make a strategy to store the information collected from clients securely. If it can’t guarantee the security of the information collected from customers, then it can’t succeed in its business. In this case, it first needs to build a properly secured system that stores customer information and processes transactions securely. It might need to change its strategy to protect customer data. Therefore, security will influence the strategy the business makes.

On the other hand, strategy and plans can impact the security posture of the organization. We know that nothing is secure on the internet and every infrastructure has vulnerabilities. Implementing our strategies might sometimes expose our systems to attackers. Let’s take the example of a smartphone manufacturer called OnePlus. OnePlus is an Android smartphone company whose strategy is to sell phones only through its online store, making its smartphones cheaper by avoiding physical stores and so reducing the operating cost of the business. They started selling phones online, but there were vulnerabilities in their payment system. They announced that the credit card information of up to 40,000 customers was affected by the security breach, and because of this they needed to shut down their payment gateway until the issue was fixed. From this example, we can see that our strategies might impact the security of our data and privacy. Therefore, strategy and security should be considered two sides of the same coin, and we need to do proper research before making plans and strategies for our organization.
