It could be argued that nothing has done more to impact globalization than the Internet but that growth is not without significant risk. As trading partners exchange information along the super-highway, they are vulnerable to cyber threats due to their growing reliance on inter-connectivity on both trusted and untrustworthy systems. Unfortunately, too many businesses focus on hardening their own perimeters and fail to obtain assurances that their partners have adequate safeguards.
Internet impact on globalization
Today, the Web is transforming commerce. New technologies continually hit the market that make it simpler and cheaper for companies and customers to transact business, and for streamlined business-to-business trade operations.
Virtually all industries have benefited from advances in Internet technologies that speed up the delivery of data packets and enhance security. Without question, the Internet powers the economic, cultural and political components of globalization.
Globalization risks
With robust Internet connectivity resulting from increased demand, the Internet-connected world is a vast hunting ground for cyber criminals of all skill levels. The ease of access to malicious software allows anyone with even a little know-how to easily download and use the tools in mischievous or criminal ways.
The prevalence of hacking tools means security threats come in many forms, from innumerable sources, and pose a threat to assets such as intellectual property, trade secrets, bank accounts, financial data and so on. In other words, every item of information stored on a computer connected to the Internet.
In addition, the Internet of Things (IoT), the growing network of machine-to-machine communication built on cloud computing and networks of sensors that collect and exchange data, will impact consumers and businesses and extend their vulnerabilities even more.
Securing the cyber connections
Businesses recognize the importance of securing their data and are working to broaden awareness of the issue throughout their organizations through employee training programs designed to educate personnel about online areas of attack and phishing. Information technology policies and procedures are being updated to reflect the burgeoning types of cyber-attacks and insider threats.
As businesses tighten security to protect against new threats, questions about cross-border partners and service providers surface:
Does the partner have the minimum controls in place?
Does the partner operate in an information security culture?
Are applicable laws and/or industry regulations in the partner’s country taken into consideration?
If personal, identifiable information is to be shared, is reasonable due diligence conducted to determine the partner’s ability to meet privacy requirements?
Are partners required to maintain written security policies and procedures?
There are obvious challenges in assessing a partner’s cybersecurity defenses and incident response capabilities especially when there are no industry trade associations or government agencies that offer guidelines for best practices and audits to its membership or constituents. Thus, in most cases, businesses must vet each other and agree on a certain level of risk tolerance.
The following are basic action steps that should be followed when executing a partner agreement:
Involve IT security early on to assess a potential partner’s security protocols and standards;
Become familiar with the partner’s country’s trade associations, laws and regulations; and confirm the existence of:
IT security policies
Business continuity & disaster recovery plans
Acceptable use policies
Adequate employee background checks
Recurring external vulnerability assessments
Information classification
Retention and destruction policy
Policies, procedures and systems in place to monitor and detect attacks and intrusions.
The level of interconnectivity between businesses continues to increase with advances in information technology and places more demands on companies to ensure its resources are protected. This includes guarding information assets stored and transmitted internally and with trading partners.
Cross-border trading partners, especially Mexico and the U.S., need to be diligent due to the numerous occurrences of breaches or attacks that occur on one side of the border and have devastating effects on the other side.
The attacks on Sony Corporation through PlayStation® and later the movie division wreaked havoc not only on their reputation but on their operations, sales and overall functionality. Fortunately, a solid crisis management plan provided a rapid recovery but not after severe ill effects.
The lesson to be learned is “trust but verify” and ensure technology teams on both sides of the partnership are diligent in their knowledge of data protection, cyber security and the tools to support a trusted environment.
