IT-Governance and Why it is Important
Introduction: What is IT governance and why it is important? It is not enough for corporations to have IT systems and expect them to deliver strategic value to them. Instead, there needs to be a mechanism in place to regulate, monitor, and govern the value creation efforts of the IT systems. This governance mechanism of […]
Analyzing Business Decision Making Process
Continuous analysis of organizational decision-making process is essential to high quality and transparent decisions; otherwise a business runs with a prejudice: the notion that it is good at making decision, even if in reality it is not. And probably this is why both, decision makers and decision support system analysts try to get a profound […]
The Benefits of Automation for the Healthcare Sector
The Need for Automation of Healthcare Activities There are many benefits to healthcare providers through automation. Not only will the end to end processing of customer records would be made easier, automation would also result in the actualization of efficiencies and synergies across the entire value chain of activities that healthcare organizations provide. When we […]
Change and Risk Management in ERP Implementation
An ERP system is a process and not an end in itself. Perfunctory Implementing of ERP system will not boost efficiency. Reasons for failure of an ERP project such as lack of commitment from management and employees, lack of communication, knowledgeable employees not available for the project, are mostly organizational issues and have nothing to […]
Role of a Process Owner in a Six Sigma Project
The process owner is the person who is supposed to be in charge of the improved Six Sigma process. Since they are the one that have to run the process after it is improved, it is essential that play a role in the Six Sigma project. Although the process owners are not involved in the […]
It has become commonplace in contemporary organizations to have extensive IT (Information Technology) infrastructure and software and hardware assets. Indeed, with the wholesome adoption of IT by organizations, there is no organization worth its name that does not have an IT backbone no matter how small it is. This means that organizations cannot function without IT systems.
Further, IT has become crucial and critical to ensuring competitive advantage for organizations and there is no way in which business can be transacted without IT.
Having said that, it must be noted that having an IT system does not mean success or guaranteed outcomes unless organizations take steps to ensure that their Information Security protocols and procedures are well designed and their IT assets are protected and safeguarded against external and internal threats.
Indeed, with IT becoming pervasive, so are the multiple threats such as hacking by external actors, stealing of confidential and private information by internal actors including employees, cyber attacks that leave the IT infrastructure vulnerable to financial loss, and above all a pervasive threat of all these malign actors gaining access to the organizational IT systems and resorting to acts that can compromise the business of the organizations.
We have listed external and internal threats above. While it is well known that external threats manifest due to hackers and cybercriminals taking advantage of loopholes and vulnerabilities in the IT systems and infrastructure, it must also be noted that threats from within are something that are as dangerous as threats from outside.
Indeed, in recent years, there has been an increasing tendency for the cybercriminals to be assisted by internal actors within organizations who provide them with inside information and details about the organizational systems and IT infrastructure.
Moreover, it has also been found that more often than not, it is the insiders who enable the hackers from outside to break into the organizational IT systems and create chaos and wreak havoc.
On the other hand, one cannot completely ignore threats from hackers who are out to penetrate the IT systems not only with ulterior motives but also from competitors and other entities who have now taken to cyberspace as a means of extending their competitive games.
Indeed, if not anything, the threat from hackers who owe allegiance to rivals and peers is something that is slowly being recognized as a legitimate cause for concern among IS (Information Security) professionals.
Further, even entire countries and their intelligence agencies are now engaged in cyber hacking of their rival countries organizations in order to cause damage and economic loss to them. this is especially so in the context of the rivalry between the United States, China, and Russia wherein hackers from all countries who are aided and abetted by their backers from the commercial and national security interests hack into systems of their rivals so as to inflict damage and cause economic, financial, and reputational loss apart from causing disruptions to business.
Therefore, all these aspects mean that IS professionals in organizations have to foolproof their systems to safeguard them against these multiple threats and ensure that their IT assets and hardware as well as the IT infrastructure are protected. Indeed, with so many threats lurking in cyberspace, it is not uncommon for organizations and the IS departments to erect firewalls and restrict access to their systems from external sources.
This is also the reason why many organizations in recent years have taken steps that would curtail the internet usage of their employees so that they do not leave digital footprints in cyberspace that can be exploited by malign hackers and cybercriminals.
Another area of concern for IS professionals is the growing incidence of phishing and identity theft which is far more serious when it concerns the accounts of managers and senior executives apart from the leadership in their organizations.
While identity theft and phishing can cause losses to anyone and to organizations, where it affects the senior employees, it has the potential to seriously harm the organizational objectives as most of these employees would have highly classified and confidential information stored in their systems.
This is the reason why many IS professionals are now advocating secure and protected systems for the managers and senior leaders that are different and more walled than that used by rank and file employees.
Indeed, with so much concerns over these aspects, the IS professionals are also ensuring that above a certain level in the organizations, the IT and internet access is through dedicated and standalone lines rather than generic and companywide access that other employees have.
Finally, as the saying goes, prevention is better than cure and offense is the best form of defense, which means that IS professionals would be well advised to take steps to prevent rather than react to cyber breaches and to adopt aggressive postures against potential hackers as well as malign insiders instead of reacting after the breach or the hacking incident.
Further, it is also the case that things as mundane as writing down the passwords on papers that are left unattended and not locked away can also cause IS breaches. In addition, while one thinks that hacking is something that happens out there, as simple as visiting a website with inadequate security controls can also become the source of a major breach. In conclusion, it is worth remembering that carelessness and oversight are at the root of IS risks and hence, it is advisable to take measures to minimize these aspects.
Your email address will not be published. Required fields are marked *
Communication Systems and Groupware – Information System Concepts that Apply in All Functional Areas of Business
February 12, 2025
