Have you ever watched one of those survival-in-the-wild type programmes? You know the ones we mean. There’s always a rugged guy showing you how to make fire with nothing more than your underpants and a sweet wrapper. Or telling you how to survive on a frozen mountain for two weeks with only a bottle of water and two cable ties. Why do we put ourselves through that? We live in suburbia. Surrounded by roads, convenience stores and cupboards full of warm clothes. The chances of us ever needing any of those skills are slim to none. Yet we sit glued to our screens, taking notes in case we’re ever stuck out in the Canadian Rockies armed with only a toothpick and our memories of the show.
Puzzlingly, we don’t pay nearly as much attention to the far more real dangers lurking a lot closer to home. The ones that have a fair to moderate chance of actually happening. Theft, floods, extended power outages and cyber attacks, to name but a few. The reason for our apparent nonchalance about these very real threats is, very possibly, our ignorance of the potential devastation they could cause. No one ever makes reality shows about how to cope if your office building keeps getting broken into. Or what it could mean to your company’s credibility if you fall victim to cybercrime. Yet both these scenarios are, sadly, increasingly likely. This is why a security risk assessment specialist is someone you want to be chatting with.
Great question. The scope of this type of work is pretty wide, but essentially, he assesses how vulnerable your personal and company security is. Then he guides you on how you can increase your situational awareness. This means you don’t ever have to know how to get out of a tricky situation because you’re never going to get into one in the first place. So go hang up your bungee cords and sticky tape and read on!
Risk assessments can either be quantitative or qualitative. In a quantitative assessment, potential threats are given numerical values, based on how likely it is that they will actually occur, and what impact that occurrence would have. Qualitative risk assessments, which are more commonly used, don’t use numerical probabilities, nor do they make loss predictions. The goal of a qualitative approach is simply to rank which risks pose the greatest danger were they to actually happen.
Both these approaches can be tackled using similar steps, the first of which is to understand exactly what assets you have, and of those, which are business critical. In other words, which assets, if lost, would spell the end of your company? To do this, you need to think about what your business’ key objectives are, and what assets you really need to help you achieve them.
The next step is to assess your greatest vulnerabilities and threats. Is your business located in an area prone to break-ins and other criminal activities, for example? Do you have enough cybersecurity measures in place to reduce the likelihood of sensitive data being accessed without authorisation?
And finally, what would happen to your business if each of the threats you’ve just outlined become realities? Would they have a high, medium or low impact? Think about a data breach, robbery or prolonged system downtime.
This largely depends on the type of industry you’re in, and the relevant compliance rules applicable to your business. An information security risk assessment, for example, will identify gaps in the architecture of your company’s IT structure, and how potentially hazardous those gaps could be.
Unless you have a high degree of knowledge in this area, it is highly advisable to hire a professional risk assessment specialist to conduct an assessment.
Since 1998, Vision Catcher has introduced and evolved best of breed solutions for IT, Cyber and Physical Security for many major Corporates throughout Southern Africa as well as internationally. And we can do the same for you. We ask the right questions so that we get the right answers. This means we can create risk-inspired solutions to protect your family, home and business. For true peace of mind, contact us today.