On the positive side, it is clear that Asian businesses are well aware of the security risks inherent in doing business today and amplified by M&A and other leadership changes. The PwC Global State of Information Security® Survey 2014 put Asia in the top security spot again with an 85% year-on-year increase in security spending and good progress on the adoption of security measures such as intrusion-detection technologies. On average, security spending is a significant part of the overall IT spend, with higher spending by companies that invest more in research and intellectual property and by organizations concerned with health and public safety, such as hospitals and emergency services.
CIO security checklist
To address these challenges, here are my top three action items for executives in Asia to consider when assessing their security provisions.
Understand your security posture
To what risk level is your organization exposed? What technologies, policies, procedures and controls protect you from threats? How effective is this technical and non-technical security infrastructure? Do you regularly review firewalls and logs, searching for evidence of a breach?
With a clear picture of your business risks and resources, you'll be better able to identify and prioritize next steps. Your approach to security must evolve as threats, technologies, supply chains and regulations change. In the past, security protocols were primarily risk-based; then they became rules-based. Today, they are becoming increasingly anomaly-based, using business intelligence technologies to detect unusual system activity.
Periodic reassessment of your security posture, including regular security assessments and threat analysis, will help you determine how your current systems need to be improved. A security assessment may highlight a gap in your defences or discover an undetected breach. Given the pace at which the security landscape is changing, it will certainly uncover some room for improvement.
Integrate security into decision making
What are the security implications of your business development projects and growth strategies? What is the monetary value of security? Is proactive risk management stifled by a focus on compliance?
Providing the CIO with a seat at the strategy development table will help your business identify security threats and data-driven business opportunities. It should ensure that proper security is in place before new policies (such as BYOD) are deployed, and it may help you drive cultural change to prevent security breaches and prioritize planning to mitigate the impact of cyber-attacks.
Select the right security technologies, policies, tools and partners
What do you need to keep pace with escalating security risks? Can you consolidate your basic security solutions and invest more wisely? How are you supporting employees and third-party partners to protect your business data and intellectual property?