The world is in the midst of massive technological change. Unprecedented breakthroughs are bringing the physical and digital worlds closer than ever before. Complex technologies, such as big data, analytics, machine learning, artificial intelligence and the Internet of Things (IoT), promise to open up a world of unparalleled growth opportunities. The other side of the coin is that the risk of confidential data being maliciously collected, stored and disseminated is on the rise with these technologies. Cybersecurity attacks are also increasingly becoming more common and sophisticated.
The IoT revolution is integrating technology even more deeply into the way businesses function today. IoT for businesses can include devices such as GPS, alarm systems, web cameras, Point-of-Sale systems or even the security locks that are used to secure physical doors. While these facilitate the day-to-day business operations, IoT devices are inherently weak on built-in security, leaving serious vulnerabilities in the ecosystem.
Alarmingly, according to our survey The State of Cybersecurity in Asia-Pacific, the biggest cybersecurity challenge for organisations in the region is the lack of awareness among employees. Business owners on the other hand, hesitate to strengthen their cybersecurity capabilities. This is true especially for smaller firms, where they often do not have dedicated technical experts, or budgets to allocate for advanced cybersecurity tools.
Proactive, rather than reactive
In the aforementioned survey, 77% respondents in the financial sector from India indicate that their organisations place more importance on detection of and response to cyberthreats rather than prevention.
This “detect and respond” approach seems to be the de facto strategy for firms when it comes to cybersecurity, but this is inadequate in an environment where companies, big or small, are sitting on large amounts of data which are constantly exposed to the risks of a breach. Further, policymakers around the world are waking up to the grave threat that cybercrime poses to data security and are coming up with legislation like the EU’s General Data Protection Regulation (GDPR).
Businesses that get their security right generally do so because security is prioritised in their business from the beginning, rather than treated as an afterthought. The responsibility of ensuring a sound cybersecurity strategy should not be relegated to the IT department – rather, a strong security posture can only be upheld if everyone in the organisation immerse themselves into the security conversation and do their part in managing security of their devices – before a breach or attack happens. This means that cybersecurity must be understood at the board or management level as a business enabler and strategic imperative, rather than a tactical necessity.
No doubt, threat management is an advanced discipline that requires people with the right experience, knowledge and skills to make sense of the complex data. This information may come from multiple interconnected sources, which can be a challenging task for even the largest enterprises to take on in-house. Collaborating with a cybersecurity tools provider may be the most logical solution, although companies should keep in mind that a good security approach is one that finds the balance between the amount of risk that the company is willing to embrace versus the budget that is available to spend on security tools and methodologies.
For some, this may even include the consideration of purchasing cyber insurance, which however, is not a replacement for a robust information security programme. Strong security controls and a comprehensive information security programme are prerequisites for purchasing cyber insurance.
Of course, any good cybersecurity strategy has to go hand-in-hand with ensuring that employees are kept up to date on how to protect their devices. Employees are often the first line of defence against cyberattacks, though they could also be the weakest link in the cybersecurity chain. Given the rapidly evolving nature of the cyberthreat landscape, businesses need to commit to an ongoing, constant and consistent programme for cybersecurity education to better equip all employees with the necessary skills to build better defences against such attacks.
A secure path to success
Equipping a company with the right tools and educating employees on cybersecurity may seem like a daunting task but the alternative can even mean being put out of business. Companies need to understand the severity of attacks and data breaches, and how such incidents can be hard to recover from. Taking a preventative approach is no longer an option but a necessity in today’s digital age. Enterprises that place cybersecurity at the heart of their decision making are likely to be the ones that thrive to make it to the next era.
By Anil Bhasin, Regional Vice President – India and SAARC, Palo Alto Networks