It is necessary for companies to go above and beyond when securing their data. The issue with IT security is that it is hard to quantify the business value of keeping data secure and chief executives often under-estimate the impact an intrusion can have one the company's bottom line.
One of the weaknesses in almost every company's data security policy is not the network itself but the people who use it. Endpoint users can help hackers overcome all your defences simply by clicking on a link that they shouldn't have. More often than not these larger international companies will have decent security in place as long as they constantly communicate best practices to their employees effectively.
The smaller local organisations such as SMEs generally tend not to have advanced security strategies in place nor are they aware of the threats they are facing. Many seem content to think that they are too small to be targeted. Which is entirely untrue. Take for example the quite recent spate of ransom hacking that has been taking place in Australia. Hackers target SMEs with unsophisticated security, take over their databases, encrypt them and then hold the data ransom. More often than not these companies have no option but to pay to have their data released.
Quite a number of SMEs that I have spoken to believe that they don't have the budget to mount effective security solutions. They should evaluate their security risks and take appropriate precautions. If they are connecting to the Internet just to access the internet and do not host any data themselves, then they can use an enterprise grade firewall with capabilities to secure against most modern attacks.
In case, they host some data that external entities can access, then they would need to take care of protecting that as well. Another option would be to outsource their IT security needs to external vendors so they can rest at ease knowing that their incoming and outgoing sever traffic is being monitored 24x7.
How can local businesses change their strategy to cope with the new threats?
Being aware of the threats is an important first step. Given that SME's may not have the resources to have a full cyber security division, they can leverage the expertise being built by the government agencies or managed security services provider companies.
While outsourcing their security to third parties, the companies should be aware of what type of security is the third party offering. In many cases, we have seen that the hosting service providers either don't mention the level of security in their contracts or just provide the basic level of security which is really not sufficient for the types of attacks that are happening nowadays. This takes us back to step number one - be aware of the threats and ask your vendors what they are doing to protect you from that.
Sign up for CIO Asia eNewsletters.