Increasingly, government-related agencies are also getting involved in the security scenario: either as perpetrators or victims of cyber attacks. Are there lessons in the government's defence approach that enterprises can learn from?
Organised crime, sabotage, espionage, terrorism, civil disobedience and the theft of intellectual property are issues that have moved from the physical world to the digital one because the reliance on and ubiquity of the Internet have made cyber attacks on people, networks and systems both possible and effective.
Today, all the data and systems we have exposed to the Internet have produced new opportunities for malicious attacks. These opportunities have likewise produced an associated class of attackers who are often well-funded, motivated and innovative. They conduct reconnaissance, are more operationally proficient, frequently use custom, never-before-seen malware and will often do whatever they can to mask and hide their activity.
Whether or not cyber attacks are politically and socially motivated, they cause damage far beyond the single intended victim. Even though information security continues to evolve in sophistication, attacking networks and stealing confidential or classified information has arguably become easier thanks to popular new technologies that have introduced loopholes in enterprise security.
Current conditions have spurred organisations to become smarter by adding advanced technological intelligence into their online defences, which in turn requires new infrastructures capable of using sophisticated analytics to scale visibility across broad data sets, both diverse and complementary, in real time.
How do you see Asian companies approaching security vis-à-vis their Western counterparts?
Considering the global onset of cloud, mobile and social media, the key difference in security approaches is the attitude and commitment a company has in maintaining its security posture, regardless of where it operates in the world.
While many organisations remain in crisis response mode, some have moved beyond a reactive stance and are taking steps to reduce future risk. These forward-thinking companies see themselves as more mature in their security-related capabilities and better prepared to meet new threats.
Companies with advanced and competent security profiles share a few distinguishing traits. These include: clear recognition of the strategic importance of information security in the organisation and anticipation of increased spending on security over the next few years. Their business leaders are increasingly concerned about security issues, with mobile security a major focus due to the high rate of mobile workforces and wireless device adoption. Their attention has also shifted towards risk management and reducing future risk, and less on managing only current threats and regulatory issues.
As such, these traits illustrate the security maturity of an organisation as well as its ability to handle or avoid a breach. For instance, because the senior management recognises the need for a coordinated approach to security, advanced companies are more likely to have a dedicated security head with a strategic and enterprise-wide purview. Security issues are not ad-hoc topics but a regular part of business discussions. This, in turn, builds a more pervasive risk awareness across the business, where all employees take a proactive role in protecting their organisation. On the other hand, companies lacking a dedicated security leader suggest a more fragmented and tactical approach to security.