Businesses in Asia should take cues from gaming as the way players approach a game can be applied to the real-world to help companies harness the power of cloud computing, Rik Ferguson, VP Security Research, Trend Micro, told delegates at the CLOUDSEC 2017 in Singapore today (22 August 2017).
Just as how players need to gain experience points in order to do well in a game, businesses need to do the same. They can do so by first understanding the market forces (eg. EU's General Data Protection Regulation), technology landscape and the threat landscape affecting them as they adopt the cloud, said Ferguson.
Since the digital world exposes organisations to more cyberthreats, organisations need to provide the right training to employees to reduce the risk of becoming a victim of a cyberattack.
"Most cyberattacks target employees as humans are usually the weakest link. As such, cybersecurity trainings should be cyclical. Organisations today should also consider going beyond traditional IT orientations and sandbox employees (i.e. expose them in real-life scenarios in a safe environment such as phishing your own employees)," advised Ferguson.
Step 2: Gear up
Once organisations have garnered experience points, they should then secure their journey to the cloud. Despite the many security solutions available in the market today, Ferguson reminded delegates that there is no silver bullet. Organisations thus need to be strategic and find security solutions and strategies that fit their needs.
Agreeing with him, Simon Piff, vice president of IT Security Practice, IDC Asia/Pacific, highlighted that companies need to understand their own environment in order to protect the business.
For instance, organisations need to understand what are their crown jewels (eg. core intellectual property or personable identifiable information of customers), as well as know how well-equipped they are to protect those 'treasures' from persistent threats, he added.
Only by having these knowledge will more organisations be able to take a proactive approach to cybersecurity, unlike the current state in which 84 percent of businesses in APeJ are in stage 1 and 2 of IDC's IT Security MaturityScape Benchmark Report, meaning that they are mostly reactive.
Step 3: Changing your game play
As businesses adopt cloud, IT teams and organisations need to change their approach to and perception of cybersecurity.
"IT teams need to re-evaluate 'best practices' that have been built over time; they should no longer be the department of no," advised Ferguson. They should also "acknowledge security holes, the lack of security training etc" in their organisations in order to take the right steps to improve their security, he added.
Sign up for CIO Asia eNewsletters.