So if responsibility for the safe-keeping of your data lies with you; you had best keep it safe.
Q: Should companies and governments go on the offence and fight back by attacking hackers? Or would it be better to continue focusing on prevention?
JH: In the industry we like to refer to this as "active defence," or "strike-back technology," and these can take the form of simply steps to distract a hacker to other more controversial tactics.
There are some actions that organisations can take by themselves like collaborate with research organisations and host their honeypot servers - these severs are designed in such a way that they look like real servers but don't have real data. This way, research organisations get access to the attack traffic from the hackers so that they can build more effective tools.
Also, there are multiple efforts underway where organisations and government are collaborating to fight back. There have been documented cases where companies in North America collaborated with FBI to track and bring down extremely large botnet operations. Since these networks are not country specific - it requires a very high level of cooperation and coordination between multiple countries to make the security more effective.
SR: It would be a good idea to leave that to the proper authorities. Companies have to focus on their bottom line in addition to keeping their network and data secure.
Q: With hackers increasing in numbers and launching more advanced attacks, it seems that companies need to continually increase their investment in security solutions (hardware and/or software). Does this mean that SMEs are at a disadvantage? In your opinion, what are the security solutions that every company should have?
SR: While SMEs are not at a disadvantage, they do have limited budgets and expertise to focus on building secure networks. That is why it is important to work with system integrators that have security expertise and understand the technology available to better protect networks. A good example is Unified Threat Management appliances or what's known as UTM. These are all-in-one appliances providing a breadth of coverage including Intrusion Prevention (IPS), Anti Virus (AV), SPAM blocking, Web security (URL filtering) and Data leakage protection (DLP) along with application control to manage user access to applications each day, such as Facebook, and the time they spend and the bandwidth they use. So these appliances not only protect, they also can improve productivity.
JH: Admittedly, the ability to spend more shoring up your network security would help, but that does not mean that SMEs are sitting ducks. There are many affordable enterprise grade security solutions that are available for the SME market. Barracuda Networks itself is one of the companies that puts a lot of time and effort into ensuring products are affordable and scalable for SMEs.
Sign up for CIO Asia eNewsletters.