Every company has specific trade or production secrets and intellectual property that are definitely worth protecting. Nowadays, computer hacking and careless users who do not pay attention to processes and procedures can pose serious threats to a company’s data and information (Burgess, 2014). Since cyber-attacks are becoming more sophisticated and complex, there is no single approach to risk management in cyber security. However, it is important to establish the basic components that must be incorporated into any cyber-security risk management approach (Martin & Shepard, 2013). Refsdal, Solhaug and Stølen (2015) outline the main processes of risk management as communication and consultation of cyber-risk, cyber-risk assessment, and monitoring and review of cyber-risk. According to Chaudhary and Hamilton (2015), an effective cyber-security risk management effort must include an effective framework, end-to-end scope, thorough risk assessment and threat modeling, proactive incident response planning and dedicated cyber-security resources. Each of the associated risks in cyberspace could be prevented or eliminated in a specific way. In this paper, I shall analyze possible methods of managing the risks associated with malicious attacks, such as Trojans, worms and spyware, and with data loss.
According to a survey by Ponemon Institute LLC, the average total cost of a data breach in 2014 increased to $3.5 million, a 15% increase from 2013. However, average losses and costs from a cyberattack could be much higher in the video game development company (Chaudhary & Hamilton, 2015). Risk management, control identification, and selection processes are important, specifically in this company, since video game development is a highly profitable business. For this reason, it is important to finish all orders on time, and malicious attacks are a threat not only to the company’s products, but also to the deadlines by which the games must be delivered. Besides the irreparable damage viruses can cause to computers, they can compromise the intellectual property of the company. That is why cyber security is an issue of high importance to the company. Moreover, competitors on the market are able to organize malicious attacks in order to get access to specific game code and game models. Taking into consideration the significance of data in this company, risk avoidance and mitigation are the only methods of risk management that should be pursued. Since risk acceptance would lead to the loss of essential information, data and, consequently, money, it is essential to do everything possible to prevent cyber-threats. In fact, cybersecurity is focused on preventing attacks and controlling access with passwords, firewalls, and similar measures (Chaudhary & Hamilton, 2015).
Since Trojans, worms and spyware can all reach a computer in similar ways, with the help of its users, it is important to take action to prevent them. One preventive risk management strategy is the creation of a corporate crisis management team that will draw up a plan of action to deal with potential cyber-attacks (Burgess, 2014). Another step is the cyber-awareness of employees. According to Burgess (2014), companies with security-aware users are less likely to be the victims of cyber attacks or data loss, since it is harder for attackers to trick employees into installing malware. That is why it is important to provide proper cyber education for all of the company’s employees and to explain to them why it is important not to open suspicious emails, to change email passwords regularly, not to use social media from work computers, and to run a local system scanner once a day. Preventive action is the best treatment for any malicious program. In order to deal with malware, all security software should be up to date and functioning, so there is a strong need for a plan covering upgrades, scanning and the elimination of all suspicious activity on computers. Network packets and flows should be monitored for suspicious behavior. In addition, email gateways should check for spear-phishing emails (McLellan, 2013).
Potential controls are administrative, preventative and detective. As part of administrative control, all workers are obliged to change their passwords and are not allowed to use forums or social media from their PCs at work; such preventive actions will decrease the possibility of downloading worms or spyware via Facebook, for example. Incoming and outbound emails should be thoroughly inspected, as well as web and file-share traffic, in real time (McLellan, 2013). One of the preventative controls is the installation of employee-monitoring (spy) software on employees’ PCs. This will make it possible to check activities at random and to find the source of possible malicious activities. Moreover, it will help to control the daily activities of the company’s employees and to detect instantly whether any suspicious software is installed on any of the computers. System security scanning should also be conducted. The computers of all employees should be randomly checked every 12 hours for the presence of downloaded executable files that can pose threats. Timely license upgrades of security software and keeping the firewall up are both detective and preventative controls.
Data loss is one of the threats that a video game developer can encounter. It can happen due to viruses and physical hardware breakage (McLellan, 2013). Elimination of this problem is technically challenging. In this situation, data recovery from the hard drive will only be possible with the assistance of an experienced specialist and the application of specific hardware and software. In order to avoid data loss, preventive actions such as file and system backups should be implemented as an obligatory procedure. Data backups should be made regularly, so that in case of hard drive breakage it is possible to retrieve the information. Nowadays, cloud services are often used for data storage.
It is important to carry out a detailed analysis of the detected threats and attacks in order to be able to forecast future cyber threats to the company (McLellan, 2013). In other words, the analysis will help to develop a plan that includes new tools and software, possible system and process changes and adjustments for greater protection, as well as changes in personnel; that is, all the actions that will enable the organization to respond effectively in case of a breach.
With regard to potential cyber attacks conducted by hackers against the video game development company, there is risk-response planning, as well as a security strategy, that the company should pursue in order to prevent or eliminate cyber threats. I advise choosing the preventive strategy of risk management by creating a risk management team and introducing obligatory cyber-safety guidelines for all company employees, as well as obligatory cyber hygiene education for all computer users in the company. Moreover, the risk management team is the one to control and conduct regular security checks, data backups and the use of cloud systems to save files. Since the company deals with the development of video games, preserving the confidentiality of information is of high importance in pursuing the company’s goals. Thus, I recommend choosing administrative, detective and preventive controls to ensure high levels of cyber security. Typically, the preventive actions and security controls can be divided into the following groups:
- User-involved (create a cyber management team and conduct cyber hygiene education for end users)
- Careful planning (create a plan for regular PC checks)
- Software-involved (install all the necessary security software, such as antivirus, firewalls and gateways, along with controls for timely database upgrades and scanning schedules)
- Control (conduct regular data backups and hardware checks)
- Reporting (analysis and detailed reports on the existing threats that the company had to deal with)
This text was written by Bryan Morrell who is a writing editor at https://essaysprofessors.com