"Security can be a differentiator, a factor which improves an organisation's brand equity and gives it a competitive advantage," said Fortinet market development director, Southeast Asia and Hong Kong, Alvin Rodrigues. "Thus, security should not be an afterthought to business planning."
The cyber attacks on corporations such as Adobe, SONY and Target in recent years showed the impact of attacks and the importance of being prepared. These corporations were able to communicate corrective steps which helped preserve confidence and trust, while greatly reducing the negative impact on their company stock price.
"Building a business-aligned security framework helps organisations define its business critical assets and prioritise protection and counter measures against threats aimed at these assets," said Rodrigues. "Such a framework also creates a corporate awareness security culture. Such awareness is critical as humans are often the weakest link. A strong framework reinforces the notion that security is every employee's responsibility."
"With security threats becoming smarter, faster and more diverse than ever, constant rethinking of security strategy is required," said Ahnlab-Channel Solution technical director, ASEAN, Kamil Jumat. "Real-time behaviour analysis is increasingly critical as is multi-dimensional security which combines signature, signature-less and reputation feed methods to detect both known and unknown malware from entering the IT infrastructure."
All types of threats
Checkpoint Software Technologies SE manager, South Asia, Ginnwann Teo agreed stating that networks needed protection against all types of threats. This called for multi-layered security protection and a collaboration platform. "Many cyber security vendors carry out research individually for targeted attacks and provide unique intelligence," said Teo. "However, the data is spread out amongst vendors, making it complex to acquire and deploy. Collaboration is needed to combat attacks and this means accessible intelligence and proactive protection which are simple to operate and implement."
"Information security programmes must be aligned to business objectives and reflect business strategy," reiterated keynote speaker Sun Life Malaysia Assurance Berhad head of information security Elissa Cher Geik. "Senior management support is crucial in determining such programmes and ensuring a top-down approach towards security."
In determining the maturity of their programme, organisations need to develop a strategic approach. "Identify benchmarks which will determine the maturity of your security program but be realistic in determining your goals and be prepared for setbacks," said Cher. "Competitive and regulatory environment will also affect your maturity progress."
Cher concluded with the reminder that it was a challenge to stay at the highest maturity level. "Information security programmes can never stay static in this dynamic world. Technology and threats change too quickly," she said.
(A more complete event coverage feature will being published in Security special edition, which will be sent direct to subscribers to the print edition of Computerworld Malaysia.)
Sign up for CIO Asia eNewsletters.