Continuous evolution of the society and the technologies applicable in everyday personal and professional life has led to the emergence of new security threats and challenges to social, business, governmental and educational institutions and organizations. The more the measures taken to increase security, the more the threats to security evolve and become more sophisticated (Ghosh et al. 2004). In fact, emerging security trends have become central to decision making processes in most organizations due to the fact that any organization could be directly or indirectly affected, compromising its operation and the security of its employees and customers.
In this essay, I have chosen to analyze emerging security trends and how they may affect Heartland Financial USA since being an organization that offers a diverse range of services including banking, mortgage, wealth management, insurance and consumer finance services in many locations, the organization experiences a unique set of security challenges, many of which are not very consequential in most industries. At the end, I will discuss the role of risk and cost-benefit analysis in the decision-making process.
Heartland Financial, like almost all other organizations operating in the modern era, utilizes modern information systems to manage client, employee and organizational data. Its operations span across 73 different locations in the country, and all are networked for the purpose of information sharing, distribution processing and client efficiency (Lieberman Software Corporation, 2010). This brings in a problem that has affected most organizations since the advent of the information age: network intrusion and cybercrime.
Even though cybercrime is not a new threat to security, the seriousness with which it should be addressed has tremendously increased due to evolution in ICT technology. The internet has spread far and wide with the number of users exponentially increasing. The number of criminals perpetuating crime in cyberspace is correspondingly increasing, especially after the invention of high-speed (ultra-broadband) internet communication.
Malware like worms, viruses, spyware and Trojan horses have been used in the past to wreck havoc in organizational databases, but their structure and intent is changing with time. Blended internet threats which have multiple propagation mechanisms are on the increase, bearing more risks as time goes by (Bauer & van Eeten, 2009). Blended threats pose a serious risk to Heartland Financial in that they can destroy its organizational database and steal customer information which is supposed to be private and confidential.
When names, account and credit card numbers passwords and addresses of customers and employees land in the hands of cybercriminals, they are used to perpetuate felonies like online fraud, identity theft and espionage (Lieberman Software Corporation, 2010). The problem with Heartland Financial was that it had set identical passwords in all access points to its network. Malware could easily implant itself in the network and illegally access information with criminal intent.
To protect itself, its customers and its employees, Heartland Financial employed internet security software to secure access to its databases. Since network intrusion occurs mainly when privileged account access points are left open due to human error (like failure to log out), the system installed managed all passwords to access points by randomly changing them and notifying authorized users of the same (Lieberman Software Corporation, 2010). This strategy is very good as it also reduces the probability of internal threats orchestrated by disloyal or disgruntled employees.
Virulent cyber attacks have also been orchestrated to maliciously cripple networks thus inhibiting routine operations of an organization and inconveniencing customers. Since cybercriminals are modifying their strategies very fast, it is of paramount importance that Heartland Financial keeps reviewing its preparedness to future threats. The mobile internet revolution is causing major security concerns for financial institutions all over the world. Very powerful devices are being manufactured with always-on internet capabilities and extensive data storage capacities.
People are accessing their accounts and portfolios on the go, but the worrying trend is the rate at which these devices (internet enabled mobile phones, Personal Digital Assistants and laptops) are being stolen or misplaced (Bauer & van Eeten, 2009). With continued innovation in the mobile telephone and portable communication and data storage devices, the number of people using these technologies is expected to continue growing; and so will the threats to security.
Heartland Financial can protect itself and its customers by advising them to practice due measures while carrying sensitive information in mobile phones, laptops and PDAs. Such measures would include encrypting the files, activating security code or Personal Identification Number (PIN) identifier requests before the information can be accessed and reporting any stolen or misplaced devices to relevant authorities including its management (Bauer & van Eeten, 2009).
Employees should also be educated on safe use of portable information tools and advised not to carry passwords, sensitive organizational information and identity records carelessly since these are the ones required by criminals to mastermind felonies. Criminals are exploiting the power of being in possession of large amounts of personal information and are therefore willing to pay handsomely just to get loads of consumer data (Ghosh et al. , 2004).
The use of Universal Serial Bus (USB) storage devices should be disallowed in the organization, and file sharing and transfer should be done only through the secure network established. Physical threats are also evolving, posing serious threats to security in the future. Global terrorism has mutating in the wake of the war on terrorism. Political and religious unrest, civil riots, robberies, wars and espionage and many other eventualities have a very big potential of undermining the security of an organization.
Nobody is entirely safe, but measures need to be put in place to minimize the risks that could emanate from such eventualities in the future. With regard to the safety of organizations and their staff, stringent measures should be taken to prevent criminals from accessing infrastructure like buildings and data storage safe-houses. Such measures may include installing explosive detectors at building entrances, enforcing security checks on everyone going in or out of the building and placing the entire place on video surveillance 24 hours a day (Ghosh et al. 2004).
Customer and organizational data should be stored in strongholds and backup copies made just in case the original ones are destroyed either by terrorist attacks, riots or burglary attacks. All the above are emerging security issues that could affect Heartland Financial as a business organization having infrastructure, human resources and clients. Part of the role of the management is to address these risks while making policy to run the company efficiently and to maximize profits (Shapira, 2002).
All the recommended steps all involve some form of direct or indirect investment on the part of the organization; and this is where risk and cost-benefit analysis become integrated into the organizational decision-making process. Cost-benefit analysis is the process of qualitatively evaluating a process to explicitly weigh the total costs of implementing it against the total benefits that can be amassed from its implementation (Shapira, 2002). Of course according to business principles, the benefits of a project which is executed only once may be reaped over a long time.
On its part, risk is the possibility of incurring an unforeseen misfortune or a loss. Both aspects need a very special attention in the decision making process within an organization. Referring back to the case of Heartland Financial, the measures it had to take were of course a follow-up to a decision the management reached. The decision to outsource the services of internet security experts was founded on the fact that the information system at Heartland Financial was facing a risk from hackers and other online criminal acts.
There must have been deliberations on the cost of utilizing the services of Lieberman Software which installed the Enterprise Random Password Manager software in all branches of their network; and the benefits the process was going to bring. By incurring the cost of installing an expert security system, Heartland Financial reduced the threats emanating from the internet targeting its organizational data as well as the personal details of its customers. If no action had been taken, Heartland Financial would be prone to cyber attacks which would most likely cost a lot than the intervention did.
The decision also enhanced the trust its customers had in it, prompting them to continue using their services. The decision may therefore be assumed to have been based on the premise that it would be multi-dimensionally beneficial to the organization in the long run (Shapira, 2002). Alternatively, choosing to use technological tools like networking was in itself a risk brought about by the need for innovation (Shapira, 2002). The organization perpetually assumed the responsibility of protecting its resources from threats which may result from such a decision.
In conclusion, the more the society arms itself against criminal attacks, the more criminals improve their methods of effecting threats. Organizations are continuously faced with new challenges in their endeavor to cater for the security requirements of their installations, employees and customers. With security trends shifting with time, we are likely to see risk analysis play an increasingly significant role in decision-making. Measures to counter emerging threats however should not be left to the organization; they should be a matter of compliance.