Taking the easy way out or cheaping out on preventative and mitigative measures is not the smart thing to do.
APAC is home to 60% of the world’s megacities and that number is expected to climb to 62% over the next decade. This rapid urbanization is driving the need for the region to explore smart city developments to alleviate some of the urban challenges. However, while governments continue to leverage the interconnectivity of smart cities to combat these pain points, the prized vaults of data amassed by smart infrastructure inevitably place a huge bullseye on ASEAN for cyberattackers.
Case in point: in March 2019, car manufacturer Toyota suffered a breach that leaked the personal data of over 3.1 million clients, and this was just the tip of the iceberg. Not only does this show that security breaches do not discriminate by industry or geographical location, it further illustrates organizations’ failure to understand and guard against the true threat to their data.
The absence of proper cybersecurity governance and framework means it is up to businesses to perform their due diligence to strategically ensure they are taking the proper steps to secure their data. What steps can companies take to better hone their risk consciousness? How can enterprises take an active approach to inspect their current security capabilities and stay one step ahead of the existing threats?
First step to recovery: Awareness
The key to solving any problem is to first identify and map out key areas of risks and variables that could expose the organization to vulnerabilities. Like a general preparing for an attack, organizations must first identify and decide which data assets require the highest level of protection and plan the protection accordingly. For example, in a bank, financial data would likely take precedence, while healthcare institutions will place priority on protecting patients’ confidential health records.
Holding the data fort
In times of a data breach, businesses tend to look to external factors as the first line of suspects—and they are not wrong. SolarWinds’ Cybersecurity APAC research revealed that external threats accounted for 43% of all cybersecurity incidents experienced. To narrow down the areas of vulnerability and accurately identify and remove the perpetrators, businesses can incorporate the following security fundamentals:
- Strong antivirus
With the rapid advancement of malware, simply relying on signature-based scans is not enough. A strong antivirus, or even full-blown endpoint protection built on collective intelligence, should be enforced to identify behavior that looks like malware, for example, attempts to edit the system registry.
- Timely patching
Unpatched software can be the biggest gate for cybercriminals to step through. Remember to keep patches current across all user bases to protect against software vulnerabilities.
- Diligent backup and disaster recovery
When it comes to protecting data, backup is crucial as it would help organizations get back on track with the least amount of time wasted. Search for something optimized for the cloud and remember to back up locally if you want a second copy for redundancy.
Beyond relying solely on technical solutions, user training is equally, if not more, important. This is echoed by the research, which highlighted that 97% of workers felt ill-equipped to successfully implement or manage one or more cybersecurity tasks today given their current IT skillset. While many organizations see training as a way of checking a box, I would advise against falling into this trap, as security training ensures your employees are able to leverage the solutions available to guard against threats.
When rotting develops from the core
Organizations often face high employee turnover rates and frequent job rotations in order to optimize staff utilization. Unfortunately, this results in poor control of employee access authorization as the company struggles to keep track of staff movement in real time. This means that organizations are susceptible to the risk of current and former employees accidentally and/or deliberately leaking important data, because employees who no longer need access may still retain their old privileges to confidential information. In fact, SolarWinds found that 65% of respondents attributed the largest portion of cybersecurity threats to internal users. To combat this, an access rights management system is necessary to help keep user privileges in check:
- Enlist the help of data owners (not just your IT staff!) to set up and manage privileges
The data owners interact with and use the assets on a frequent basis. Having them set up, allocate, and modify access rights would ensure no unauthorized access goes undetected, and those who require the access would be properly set up to perform their task.
- Leverage automated monitoring tools to alert status changes or unusual asset movements, which could be indicative of system compromises
- Regular process audits to weed out protocol inadequacies in security procedures
Prevention is better than cure
Even with the best-laid defenses, skilled cybercriminals can still break in. Often the measure of a good security system lies in how well it can detect and respond to threats. That is where a strong security information and event management (SIEM) tool steps in.
SIEM collects and aggregates log data generated throughout the organization’s technology infrastructure and simplifies it for processing. Furthermore, by relying on artificial intelligence to flag important security events, it notifies the team to investigate further, which reduces the number of false positives and negatives and saves both cost and time.
Not if, but when
Despite new legislation necessitating greater commitment to data protection, data management and privacy, the increasingly complex data landscape will continue to breed vulnerabilities. It is no longer a matter of if but when an attack takes place and how quickly businesses can address and recover from the breach. Nonetheless, the wealth of data this digitalized world brings promises opportunities for businesses that can successfully navigate security challenges and make sense of their digital assets.