Security is a priority more than ever for chief information officers (CIOs) in Asia and around the world as the number of hacker and DDos (distributed denial of service) attacks and other cybercrimes continue to rise.
Compounding this already daunting situation are constant reports of new vulnerability and privacy issues, raising concern among enterprises and users about data safety in the digital economy.
In Asia Pacific, more than half of IT (information technology) decision makers think DDoS attacks in particular are becoming increasingly effective at subverting IT security measures, according to BT’s recent DDoS Research.
The report said four in 10 IT decision makers are not convinced that their organisation has a response plan to counteract DDoS attacks.
Also, about 80 percent are not convinced that their organisation allocates enough resources to counteract these attacks, with all Hong Kong respondents showing lack of confidence in this aspect.
Industry data affirms this alarming phenomenon.
A report by PricewaterhouseCoopers indicates that cyberattack incidences have risen 48 percent yearly and are expected to get worse.
Every day, there are more than 100,000 attacks.
As a result, spending on security solutions is expected to double from US$74.5 billion this year to US$170 billion by 2020, according to InfoSecurity Magazine, and Asia Pacific will be among the top spenders in the world.
Besides knowing how to optimise investments on security and stepping up controls and compliance, a new perspective is needed to better manage security risks facing Asian enterprises.
These days, it is not enough to just look at the problem and put a corresponding solution to it.
Security in the digital era has become a more complicated issue and requires a more holistic approach.
Asian enterprises already do a lot to secure the digital backbone of their business.
However, it often still happens in bits and pieces and some gaps occur.
For instance, we tend to look at what is coming inbound towards our networks but it’s also important to look at the outbound part, what we share with the outside world and our behavior in general.
Traffic between systems
But looking at threats from inbound as well as in-between networks is equally important.
The internet is filled with “background noise” that we try to filter and many organizations don’t do good egress traffic filtering from one network to another.
Performing an analysis of your outbound traffic is an interesting exercise.
You might be surprised by what you find. If you have never done it before, do some trend analyses on your egress traffic only.
It remains important to watch the traffic destined to your network but it’s equally important to spend some quality time analysing the traffic leaving your network and even expand this to include traffic flows between your internal systems.
That’s one way of having a more holistic security perspective.
Security by design
Another important aspect to consider is standardization of cybersecurity and privacy standards as explained in a report by the European Union Agency for Network and Information Security, Privacy And Data Protection By Design.
Security by design is a growing best practice as security is often overlooked.
An effective approach would include building applications with security in mind from the very early stages, adding security in the end points, looking at the overall picture and behavior and identifying what happens in all directions of network traffic.
CIOs need a holistic strategy and connect all the pieces together — people, policies, protection and preparedness at all levels while balancing risk management and the keeping up with future demands of the evolving digital economy.
– Contact us at [email protected]