Opportunities to collaborate
Security is an issue that transcends boundaries, and both Tims and Slater raise then the need for enterprises today to work with other organisations in the area.
Security should not be seen as competitive, they note. "Most organisations believe they are better off than their competitors, [and] opportunities to collaborate may be missed."
Tims likens the need to creating partnership with professional services. "You've got different angles on the problems, why don't you share that knowledge, leverage that experience for the greater good?"
Slater says these conversations can be off the record, applying the Chatham House Rule. "You're a CIO, you're an executive level person," says Slater. "You know inherently what is competitive and what isn't competitive. You can make that decision.
"Do seek advice, counsel and conversation with your peers, your peer CIOs... even competitors.
"Don't be an island."
Asset rich, security challenged
The main steps companies can take is understanding their data and which of these attackers might find useful or gain something from , says Graeme Neilson, chief information security officer at Aura. "If you have data that is sensitive, where is that kept?"
As for lack of executive support for having a comprehensive security program, Neilson points out some businesses are purely driven by ROI for projects.
Neilson approaches this discussion by pointing to the concept of something familiar to executives: The physical security for corporate headquarters, with some areas requiring different security mechanisms. "Pretty much every company understands that if they don't have those controls, people will come in and bad things will happen."
Information security should be viewed in the same mode, he says. "If you don't secure your website, people will break into it and vandalise it or steal information from you. You have to assume that will happen if you don't secure it."
Yet, he states, a lot of business are not approaching information security this way. "It goes back to identifying your assets," he says, and which are "business critical". "What would happen if these were stolen, modified or deleted? If that ends your business, you need to spend money on security. That is not a difficult argument."
Sign up for CIO Asia eNewsletters.