With the population becoming more digitally savvy and businesses more connected, more data is being stored and exchanged in the virtual realm. With that comes the risk of cyber-threats, an important gating factor to success. The recent SWIFT cyber-heist saw a US$81 million loss of funds across countries including Vietnam and Bangladesh, illustrating the need for strong and effective cybersecurity in both personal and business sectors. Cybersecurity risks entail much more than just data breaches and privacy issues; they also include intellectual property theft, cyber extortion, and the chain effects of business interruptions and reputational damage.
Designing your Business' Cyber-Defense Blueprint
1. Research. In a new environment, organisations especially need to look out for existing governance and regulations as well as the business drivers unique to each market. Cybersecurity readiness starts with a comprehensive understanding of both the internal and external vulnerabilities that can affect any business, such as how hackers can gain unwarranted entry, including their different methods and motives. An effective cybersecurity strategy cannot work in isolation. Improve public-private partnership and know the governance and regulatory bodies that you can seek help or guidance from, such as Indonesia's Cyber Security Agency (BCN).
2. Identify. Next, identifying the different types of cyber fraud schemes and common threats - from phishing and spoofing scams, social engineering, malware, systems hacking, pharming, to everything in between - is key. This will provide an indication of the security maturity in the country.
3. Inform and Educate. Then, businesses should develop a security policy that is ingrained into their corporate culture. Keeping employees regularly informed of cybersecurity risks is one way to fortify the overall IT security strategy, as some security breaches can be due to 'human error' such as employees' oversight. The policy must seep through every process and decision of the business. Organisations should also educate employees about the warning signs, safe practices, and responses to a suspected takeover.
4. Verify. Businesses should verify financial requests and confirm details, preferably face-to-face or via the phone, instead of relying on email to conduct any financial transaction. They should also use a two-step verification process to ensure tighter security in approving outgoing funds. This will help protect them from any information leaks, hacks or loss.
5. Protect. Cybersecurity has always been a technological battle between organisations and threat actors. Businesses should always ensure they have the necessary and most updated technology, processes and procedures to secure and control access to critical information before taking the plunge. In addition, organisations should bridge the gap between digital and physical cybersecurity controls (access, biometric, etc.) that would streamline security operations while strengthening the overall defense.
6. Detect & Automate. Leverage analytics and the corresponding wealth of threat intelligence from internal and external sources to drive programmed responses, both reactive and proactive, in the face of actual or threatened attacks.