Exploring ESG Through a GRC Lens

4 years ago Tripwire Guest Authors

Three-letter acronyms often trend and become buzzwords. At other times, they act as catalysts, shaping the business environment in which an organization operates. Such acronyms include CSR (corporate social responsibility), GRC (governance, risk, and compliance), and the most recent one, ESG (environmental, social, and governance). These are important business concepts that drive investment decisions and organizations’ cybersecurity commitments to customers. A common factor among CSR, GRC, and ESG is the role of governance in steering an organization’s vision, mission, and operations. Governance provides a structure that improves decision making and the use of resources to achieve objectives.

Understanding ESG

Though ESG gained traction within the last 2 years and became a major investment consideration, it evolved from a 2004 initiative by the United Nations, in cooperation with the International Finance Corporation (IFC) and the Swiss government, to integrate environmental and social factors into corporate governance. The central idea of ESG as an investment framework is that by incorporating environmental and social policies into corporate decisions and processes, organizations are better positioned for a more sustainable and favorable market outcome. It is now mainstream for investors to assess environmental, social, and governance risks and opportunities when selecting their investment portfolios.

There are three main pillars in the ESG framework: environmental, social, and governance.

Environmental: This pillar tasks organizations to consider the effect of their products, services, and actions on the environment and encourages the implementation of policies and processes to reduce adverse impact. 

Social: This pillar focuses on an organization’s social responsibility to internal and external stakeholders, particularly its position on social issues such as diversity, equity, and inclusion, racial and gender justice, community involvement, and data protection. 

Governance: This pillar is the foundation of the ESG framework, as it focuses on the systems, policies, and processes organizations have in place to govern operations, influence corporate culture, identify and address risk, and align with compliance and regulatory requirements. Investment in cybersecurity controls, for instance, is a governance action that ensures the organization implements adequate customer data protection.

ESG as a Risk Indicator

ESG is an approach to understanding the internal and external factors that could threaten an organization’s ability to remain operational and sustainable. A fundamental focus of ESG is to identify such factors, assess their risks, and implement controls to mitigate their impact on the business.

During a conversation with a CRM vendor, I inquired about their business continuity and disaster recovery capabilities. I wanted to know if the vendor could quickly restore operations should a tornado or hurricane impact a location. This is not only an environmental challenge that organizations should consider; it also has a cybersecurity implication. For example, in the event of a ransomware attack, if the backup site is inaccessible because of hurricane or tornado damage, the business’ ability to recover from the disruption could be delayed.

Prior to the widespread adoption of cloud infrastructure, a good practice was to ensure that a cold or warm site was located far from the main company location. A major reason for this practice was to minimize the chance that both locations would be exposed to the same geographical hazards, especially severe weather. It is even more crucial now to understand how cloud services and web application providers protect against environmental factors such as a tornado or hurricane. Dependence on vendor applications puts customers at risk if adequate contingency capabilities are not in place, including data centers built to withstand environmental disruption.

Importance of Governance

Whether it is a decision to build a facility that can withstand structural damage caused by weather, or to establish a socially responsible and cybersecurity-centric culture, governance is pivotal. As ransomware and other cyber threats continue to succeed, cybersecurity has become a governance responsibility. More than ever before, governance plays a principal role in protecting against cyber threats and other business risks. It is imperative that decision makers consider the environmental, social, and governance challenges that could impact their ability to deliver critical mission objectives and remain profitable in an extremely competitive and saturated market.

Cybersecurity is Integral to Successful Implementation of ESG

Cybersecurity is integral to all three pillars of ESG and plays a significant role in an organization’s successful ESG adoption. The relationship between cybersecurity and environmental factors goes beyond building environmentally sustainable facilities and ensuring that alternate sites are not susceptible to environmental disruption. With the proliferation of smart buildings and the Internet of Things (IoT), the integration of information systems with physical structures creates opportunities for cyber threat actors to disrupt critical infrastructure or to turn IoT devices into bots that amplify a Distributed Denial of Service (DDoS) attack.

Just like weaponizing IoT devices, unauthorized control of critical infrastructure components could also result in large-scale disruption and destruction. Such an attack is not imaginary but very possible when cybersecurity controls are not properly implemented. In 2021, a Florida water treatment facility was compromised due to outdated software and a weak password. Timely containment of the attack prevented potentially catastrophic results.

Social considerations are becoming mainstream cybersecurity conversations. Besides the importance of having a diverse cybersecurity workforce, there has been an increase in socially motivated hacktivism. Misinformation and phishing attacks leverage social media platforms, making it more challenging for cybersecurity professionals to prevent them. Successful ransomware attacks against critical infrastructure directly impact society. From the cost of meat going up because of an attack on a major meat seller, to the disruption of a major US fuel distributor, which created artificial scarcity and subsequent disruption of social life, the social and psychological effects of cyber threats are becoming critical to an organization’s sustainability. Businesses that fail to protect customer data not only face compliance fines, but also lose existing customers and new opportunities. More than ever, customer trust is closely entwined with adequate protection of customer data.

The social implications of cybersecurity have led to a new field of scientific investigation known as social cybersecurity. Social cybersecurity is an emerging field of study that explores the relationship between cyber-mediated environments and human behavior, sociocultural structures, and political systems. The focus areas of this study are “social media and cyber-attacks, cyber team training, and threat prediction”.

An organization’s commitment to cybersecurity is reflected in its governance and business operations. Appropriate funding, along with a culture of compliance and cybersecurity, is tangible evidence that an organization is committed to the ESG framework.

GRC Helps Organizations to Achieve ESG

ESG is an emerging framework, and implementing it from scratch can be demanding. However, organizations with an existing GRC process can quickly adapt it and reap the benefits of implementing ESG controls. According to OCEG, GRC is the “integrated collection of capabilities that enable an organization to reliably achieve objectives, address uncertainty and act with integrity”.

A well-established GRC function puts in place the right risk management program to identify environmental, social, and compliance risks that could adversely impact the organization. Effectively mitigating ESG risks requires the implementation of appropriate controls. For instance, environmental risks that threaten critical infrastructure could be managed effectively with an intuitive industrial control system. Social cybersecurity risks could cause serious business disruption; hence, implementing a robust cybersecurity program strengthens both preventive and responsive controls.

Demonstrating compliance is an integral component of both ESG and GRC. Non-compliance with regulations or sustainability expectations could have financial, economic, and social repercussions. It is important for organizations to implement a compliance program that reassures internal and external stakeholders that the company can be trusted.

ESG is here to stay, and its influence will continue to grow. Beyond the buzzword, organizations that embrace the framework will reap the benefits of successful implementation. Organizations do not need to wait until they fully grasp the scope of the framework; they can leverage their current GRC processes to align with their ESG objectives and achieve sustainability and profitability.

About the Author: Funso Richard is an Information Security Officer at a healthcare company and a GRC Thought Leader. He writes on business risk, cybersecurity strategy, and governance.

Editor’s Note: The opinions expressed in this guest author article are solely those of the contributor, and do not necessarily reflect those of Tripwire, Inc.

The post “Exploring ESG Through a GRC Lens” appeared first on Tripwire.

Source: Tripwire – Tripwire Guest Authors
