Global cyber security threats continue to evolve with greater volume and sophistication than ever before. Even so, it is possible to confidently protect your business from the impact of current and future cyber attacks if you are proactive and give security the prominence it demands within your organisation. In practical terms, this means understanding your risk profile, elevating and expanding the role of the information security officer, and strengthening your security ecosystem.
Asia's vulnerability to cyber crime is rising as Internet and telecommunications penetration grows across the region. South Korea, China and India are now among the world's top 10 countries for malware infections,[i] while computers in Sri Lanka, India and Malaysia are more likely to be infected by a computer virus than those in the United States, with Indonesia not far behind.[ii]
All organisations need to have a holistic understanding of their risk profile including their ability to detect, resist, and respond to cyber security threats. Fortunately, today's businesses can take advantage of highly accurate data on the threats and problems that security events can create thanks to increased threat intelligence and network visibility. The loss of data and business disruption arising from a cyber attack can cost millions of dollars, severely damage an organisation's reputation, and embroil it in complex compliance issues. Globally, malicious security breaches cost organisations an average of $840,000 in 2012 and typically took 80 days to detect and more than four months to resolve.[iii] The one thing we can count on is that tomorrow's threats will be just as relentless, but evermore sophisticated.
While the threats do loom large, we need to put them into perspective. Cyber security is simply the cost of doing business in a connected world.
Every organisation today must be proactive about the security of its data and networks, including all the various connection points into those assets through mobile devices or cloud applications. Constant vigilance is required and every part of the IT infrastructure needs appropriate protection. From your service provider's global telecommunications network to the corporate data centre, the sales manager's laptop and the intern's mobile phone, you cannot avoid the tyranny of the weakest link. But nothing compares to the business risk and financial costs of not being prepared.
Even small companies now have access to advanced technologies and expert advice and can rely on managed security service providers (MSSP) to outsource the heavy lifting of network protection. For most, however, a mindset change is also required: moving from crisis-response mode to more strategic risk management.
Organisations with a proactive approach to security make it an enterprise-wide priority.
Sign up for CIO Asia eNewsletters.