Step One in Improving Cyber Security: Risk Assessment
Although we’ve another 6 weeks left in the calendar year, 2017 is already being seen as one of the worst years for data breaches on record. Some notable highlights include:
- The Equifax data breach, which affected an estimated 145 million people
- Accenture’s exposure of highly sensitive data on their servers
- The city of Calgary is facing a $92.9 million lawsuit for allegedly breaching the privacy rights of its employees.
- $60 million stolen from the SWIFT banking network after hackers planted malware on a bank
It’s enough to take your breath away. And if you’re looking for signs that security breaches are easing off, and we can finally breathe a sigh of relief — I’d suggest holding your breath. PwC recently released their 2018 Information Security Survey, which surveyed more than 9,000 business and technology executives around the world.
Cyberattacks risk everything from monetary theft to privacy breaches and brand reputation damage. Most troubling is that a significant number of organizations don’t even know that they’ve been breached.
Although the United States is reported to be the most affected region for attacks over the last year, Canada ranks a close second. In fact, in the coming year, ransomware attacks in Canada are forecast to increase among small and medium-sized businesses in the legal and financial services sectors.
While some cyberattacks are the result of sophisticated hackers using new and advanced techniques, the majority of breaches are caused by basic security flaws that could be easily prevented with sound process control and governance on development and infrastructure operations. While many business and technology leaders still view security and innovation as opposing forces, controls and governance must be applied to minimize the risk of exposing private customer data.
In my mind, organizations are setting themselves up for a significant fall by failing to adequately understand and prepare for the risks facing them. It’s time to take our heads out of the sand.
An information security assessment and audit is the very first step an organization must take to review technical systems, physical security, and policies that could lead to a data leak, ransomware or malware breach. It needs to take into account internal processes, the role of an increasingly mobile workforce, and working with third parties, such as agencies, suppliers and vendors.
Any company attempting to develop or implement a digital strategy without this knowledge will simply be setting itself up to join the growing list of companies that have compromised their reputation and future growth, and brought on heightened regulatory attention as well as possible litigation.
There are many information security assessments available, but if it is to have any impact, the risk assessment needs to be detailed.
I’m proud of the comprehensive Information Security Assessment that our team has developed. It takes into account multiple frameworks and standards, including: COBIT, ISO 27000 series, and the NIST Special Publication series.
Upon completing the assessment’s questions, your team can download a unique results report that is entirely customized to your organization’s needs. This document will help your team detect the security holes that could be making your company vulnerable, and will provide recommendations to take care of them before your issues become public.
Alternatively, our team can facilitate a Security Interview that will help you identify, document, and prioritize security risks.
- Organizational Context
- Risk Identification
- Risk Analysis
- Risk Evaluation
- Risk Treatment Strategies
During the Interview process, we’ll make notes of appropriate controls and measures relevant to your organization and include them as recommendations in our final delivery.
As 2017 draws to an end, take comfort in knowing that you’re being supported by the right solutions, that your business is safe, and will remain competitive and secure as we head into 2018.
Take the first step to improving your cybersecurity now: https://securityriskassessment.k2digital.com/, or contact me directly (email@example.com) to discuss our Security Assessment Interview offering in more detail.
Darko Antic, Chief Technology Strategist, K2 Digital
About the Poster
Lawrence Tepperman is the Founder and Managing Director of K2 Digital, a leading digital transformation services and solutions firm. He has more than 20 years of experience building companies through marketing, software solutions, and management consulting. He founded K2 Digital in 2012 in order to help companies realize the tremendous benefits of digital transformation before they are disrupted.