Caspar Herzberg |
Cybercrime costs the global economy an estimated market value of US$3 trillion, with 71% of companies admitting that they fell victim to successful cyberattacks in 2015. As a result, we can expect to see cybersecurity and the importance of having trusted software and systems continuing to be a top concern for business leaders due to its impact on corporate reputation, accountability of the senior management, and the bottom line.
This will particularly be a growing concern in the Asia Pacific region, where we expect to see rapid urbanisation and a growing middle class. There will be 4.7 billion internet users in 2025 and nearly half of them will come online between 2012 and 2025, comprised entirely from emerging economies, according to our Cyber 2025 Model report.
Further adding to the risk in the Asia Pacific region are factors such as a below par IT maturity and management, lack of cybersecurity skills and capabilities, low awareness around cybercrime, non-prioritisation on cybersecurity and heavy usage of non-genuine software (6 out of 10 computers in Asia-Pacific run on non-genuine software, according to the 2016 BSA Global Software Survey).
Here’s a checklist of what organisations need to ensure they have a robust cybersecurity posture to withstand and respond effectively to most cyberattacks and malware infections:
Keep your house in order: The question is not whether cybercriminals are going to attack, it’s just a matter of when. That said, the usage of IT assets which are old, unprotected, or are non-genuine in nature, substantially increase the chances for a cyberattack. For example, pirated and counterfeit software are known to come with embedded malware infections. The case for having a strong IT (software & hardware) asset procurement, usage, maintenance and periodic upgradation is more critical than ever before.
Start from within: The poor cyber hygiene of IT users, negligent employee behaviour or weak credentials/password protection within an organisation, adds a high degree of vulnerability for system compromise. With more and more personal devices being used at the workplace, the higher the chance they are infected, including unprotected interconnected devices (internet of things) which can be easy targets for cybercriminals to inflict damage, like the Mirai botnet attack.
Monitor all systems in real time: Invest in modern threat protection technologies to monitor, detect and remove common and advanced cyber threats in real time, and develop in-house expertise to undertake threat analytics. Some studies have suggested that the average time to discover a cyber threat from the time of infiltration in Asia-Pacific is in excess of 510 days, which far exceeds the global average rate of 140-200 days.
Trusted IT supply chain and regular review: Only use genuine, current and updated software – have a trusted supply chain across software, hardware, IOT, BYOD (bring your own device) and regularly review and assess cybersecurity investments and performance of both software and hardware deployment, including customer and vendor access to the corporate network.
Having a Big Data culture: Develop a big-data analytics culture involving data classification, multifactor authentication, encryption, rights management, machine learning for behavioural analytics and log analytics to spot user anomalies and irregular/suspicious patterns, which could provide potential clues in advance to prevent impending or ongoing security breaches.
Use a trusted public cloud: Contrary to the misconceptions, a trusted public cloud provider brings to the companies a hyper-scale and enterprise-grade data security and privacy protection. Today’s public cloud data centers provide the deepest data security capabilities in a centralised way, which is not replicable (or financially prohibitive) in an individual enterprise environment. However, choosing a provider which has a global standing on providing a comprehensive security compliance and privacy certifications for its cloud services and data centres, including being transparent about its commitments, is the key. On the other hand, using trusted cloud services also reduces IT, security and privacy management, maintenance and compliance costs to very low levels.
Cybersecurity cannot be a piecemeal effort and each organisation must have a 360-degree security framework. This includes having a comprehensive protect-detect-respond posture and commensurate investments and resources, coupled with regular assessment and review of its cybersecurity practices to protect its identity, data, apps, devices and infrastructure.
Keshav Dhakad is regional director of Microsoft Asia’s Digital Crimes Unit. View the original article here.