Medium-sized companies in particular are under enormous pressure: the number of cyber attacks reaches new highs almost every day. At the same time, the need to regulate is growing. How can risks be managed efficiently without paralyzing the entire management of a company?
In mid-February, the Federal Office for Information Security (BSI) in Bonn sounded the alarm – once again, as so often in recent times. Companies and public institutions in Germany were also damaged in a large-scale global wave of cyber attacks using blackmail software. “According to the current state of knowledge, there seems to be a mid-three-digit number of people affected in Germany,” said the BSI. The gateway for the hacker attack were open flanks in outdated software.
“The threat level is higher than ever”
Unfortunately only one example of so many from recent times. “Cyber attacks on companies are the order of the day, the threat level is higher than ever,” warns the BSI. Attacks are increasing, especially from Russia, which is using cyber attacks as a new form of warfare against “the West”. Company management must be aware of this and make cyber security an integral part of risk management.
Gerhard Schabhüser, Vice President of the BSI: “Cyber security means protecting corporate assets, and cyber security in the supply chain can protect entire industries. More than ever, information security is a basic requirement for sustainable, secure digitization – especially in companies.”
The IT experts at neto consulting have been preaching for a long time that cyber security is a central, if not the central, management discipline these days. The consulting company is one of the leading addresses for advice and support on topics such as the organization of IT security and its processes in the field of cyber security.
IT security guidelines are just the tip of the iceberg
The neto consulting consultants pay particular attention to uncovering weak points. The focus is on the analysis of the various guidelines and their implementation. Too often SMBs resort to Excel or other manual solutions to monitor their compliance – and too often it’s users who are the gateways.
The Rosenheim consulting company offers its customers governance, risk and compliance from a single source. Because the corset of external and internal risks, but also growing requirements and regulations, is becoming ever tighter, especially for medium-sized companies. The entire topic of “Governance, Risk and Compliance” – GRC for short – is becoming increasingly important for companies. “Governance” describes the way in which executives, management or even the members of the supervisory board run a company. “Risk management” includes dealing with all conceivable potential risks – from financial risks to the immensely growing IT risks. “Compliance” defines the power of a company to comply with existing laws, guidelines, rules and standards at all times.
Governance, risk and compliance under one roof
But this dance on equal weddings ties up resources – in many companies and cases too many resources. Therefore, the idea was developed to interlink and automate the three aspects of governance, risk and compliance using smart software.
The result was the product “embedded GRC(“eGRC” for short) from Goriscon GmbH, which, like neto consulting, belongs to the M71 Group: The program enables companies of all sizes and industries to implement IT-supported processes in a targeted and efficient manner in different areas –
from information security to data protection and risk management.
The program relies on clear dashboards and, thanks to the integrated workflow and the provision of ready-to-use templates, significantly reduces centralization and implementation.